Malware Analysis Report

2024-10-19 06:17

Sample ID 220324-pl3hjadedl
Target 252f1a88526683b9dd18c1a7371533e989578b5118975adf93cd8a0891e3cbef
SHA256 252f1a88526683b9dd18c1a7371533e989578b5118975adf93cd8a0891e3cbef
Tags
prometheus discovery persistence ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

252f1a88526683b9dd18c1a7371533e989578b5118975adf93cd8a0891e3cbef

Threat Level: Known bad

The file 252f1a88526683b9dd18c1a7371533e989578b5118975adf93cd8a0891e3cbef was found to be: Known bad.

Malicious Activity Summary

prometheus discovery persistence ransomware

Prometheus Ransomware

Modifies system executable filetype association

Registers COM server for autorun

Grants admin privileges

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in Program Files directory

Enumerates physical storage devices

Gathers system information

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Runs net.exe

Modifies registry class

Enumerates processes with tasklist

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Gathers network information

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-03-30 11:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-03-24 12:25

Reported

2022-03-24 12:49

Platform

win7-20220310-en

Max time kernel

297s

Max time network

1239s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\252f1a88526683b9dd18c1a7371533e989578b5118975adf93cd8a0891e3cbef.zip

Signatures

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32 C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A

Prometheus Ransomware

ransomware prometheus

Registers COM server for autorun

persistence

Grants admin privileges

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\WinRAR\uninstall.exe N/A
N/A N/A C:\Program Files\WinRAR\uninstall.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\WinRAR\WinRAR.exe N/A
N/A N/A C:\Program Files\WinRAR\WinRAR.exe N/A
N/A N/A C:\Program Files\WinRAR\WinRAR.exe N/A
N/A N/A C:\Program Files\WinRAR\WinRAR.exe N/A
N/A N/A C:\Program Files\WinRAR\WinRAR.exe N/A
N/A N/A C:\Program Files\WinRAR\WinRAR.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\WinRAR\Uninstall.lst C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtInstaller.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Resources.pri C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Default64.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_260099640 C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExt32.dll C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\RarExtPackage.msix C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\WinRAR.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\WinCon64.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\WhatsNew.txt C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Order.htm C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Order.htm C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Uninstall.lst C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\UnRAR.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Zip64.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\WinRAR.chm C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\WhatsNew.txt C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Rar.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\RarExt32.dll C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\WinCon.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\RarFiles.lst C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Rar.txt C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\7zxa.dll C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\7zxa.dll C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\WinRAR.chm C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\ReadMe.txt C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Rar.txt C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\RarExtInstaller.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\WinRAR.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\WinCon64.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\License.txt C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\rarnew.dat C:\Program Files\WinRAR\uninstall.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExt.dll C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Uninstall.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Zip.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\zipnew.dat C:\Program Files\WinRAR\uninstall.exe N/A
File created C:\Program Files\WinRAR\RarFiles.lst C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Rar.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Descript.ion C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Default.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\WinCon.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Zip64.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\ReadMe.txt C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtPackage.msix C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Default64.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\License.txt C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Uninstall.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\UnRAR.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\RarExt.dll C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Resources.pri C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Default.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Zip.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Descript.ion C:\Users\Admin\Downloads\winrar-x64-611.exe N/A

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\ipconfig.exe N/A
N/A N/A C:\Windows\system32\NETSTAT.EXE N/A
N/A N/A C:\Windows\system32\ipconfig.exe N/A
N/A N/A C:\Windows\system32\NETSTAT.EXE N/A

Gathers system information

Description Indicator Process Target
N/A N/A C:\Windows\system32\systeminfo.exe N/A
N/A N/A C:\Windows\system32\systeminfo.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2932610838-281738825-1127631353-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Downloads\winrar-x64-611.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2932610838-281738825-1127631353-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r12\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r20\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command\ = "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"%1\"" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r27\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.uu C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.bz2 C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r17 C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r20 C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.cab\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.tlz\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.uue C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32 C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r15\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.lha C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.uue\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r24 C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ShellNew C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.xxe C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.z C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext32.dll" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r18 C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r26\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r04 C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.7z C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.zipx\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR32 C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.z\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.taz\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r01\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r27 C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.gz C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r25\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tgz C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r09\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r17\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r23\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r24\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon\ = "C:\\Program Files\\WinRAR\\WinRAR.exe,0" C:\Program Files\WinRAR\uninstall.exe N/A

Runs net.exe

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\rundll32.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\NETSTAT.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\NETSTAT.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-611.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2012 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\252f1a88526683b9dd18c1a7371533e989578b5118975adf93cd8a0891e3cbef.zip

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68d4f50,0x7fef68d4f60,0x7fef68d4f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1060 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1244 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1716 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68d4f50,0x7fef68d4f60,0x7fef68d4f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3672 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2964 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1788 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1884 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3968 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3984 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2660 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3380 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4056 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3080 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=108 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3800 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3340 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4020 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1448 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3336 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2828 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4208 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3008 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4104 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3008 /prefetch:8

C:\Users\Admin\Downloads\winrar-x64-611.exe

"C:\Users\Admin\Downloads\winrar-x64-611.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4216 /prefetch:8

C:\Program Files\WinRAR\uninstall.exe

"C:\Program Files\WinRAR\uninstall.exe" /setup

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3516 /prefetch:8

C:\Windows\system32\verclsid.exe

"C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x401

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=740 /prefetch:8

C:\Program Files\WinRAR\WinRAR.exe

"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -imon1 -- "C:\Users\Admin\Desktop\252f1a88526683b9dd18c1a7371533e989578b5118975adf93cd8a0891e3cbef.zip" "?\"

C:\Program Files\WinRAR\WinRAR.exe

"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -imon1 -- "C:\Users\Admin\Desktop\252f1a88526683b9dd18c1a7371533e989578b5118975adf93cd8a0891e3cbef.zip" C:\Users\Admin\Desktop\

C:\Program Files\WinRAR\WinRAR.exe

"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -imon1 "-anf=C:\Users\Admin\AppData\Local\Temp\Rar$LS1232.3406" -scul -- "C:\Users\Admin\Desktop\Win32\Backdoor.Win32.APT34.PoisonFrogC2.7z" C:\Users\Admin\Desktop\Win32\

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4236 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3916 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x188

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\Desktop\Win32\Backdoor.Win32.APT34.PoisonFrogC2\Poison Frog\server side\installing\install_pachages.bat" "

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\Win32\Backdoor.Win32.APT34.PoisonFrogC2\Poison Frog\server side\routes\index.js"

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\Desktop\Win32\Backdoor.Win32.APT34.PoisonFrogC2\Poison Frog\server side\0000000000.bat" "

C:\Windows\system32\whoami.exe

whoami

C:\Windows\system32\HOSTNAME.EXE

hostname

C:\Windows\system32\ipconfig.exe

ipconfig /all

C:\Windows\system32\net.exe

net user /domain

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 user /domain

C:\Windows\system32\net.exe

net group /domain

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 group /domain

C:\Windows\system32\net.exe

net group "domain admins" /domain

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 group "domain admins" /domain

C:\Windows\system32\net.exe

net group "Exchange Trusted Subsystem" /domain

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 group "Exchange Trusted Subsystem" /domain

C:\Windows\system32\net.exe

net accounts /domain

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 accounts /domain

C:\Windows\system32\net.exe

net user

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 user

C:\Windows\system32\net.exe

net localgroup administrators

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 localgroup administrators

C:\Windows\system32\NETSTAT.EXE

netstat -an

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\systeminfo.exe

systeminfo

C:\Windows\system32\reg.exe

reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default"

C:\Windows\system32\schtasks.exe

schtasks /query /FO List /TN "GoogleUpdatesTaskMachineUI" /V

C:\Windows\system32\findstr.exe

findstr /b /n /c:"Repeat: Every:"

C:\Windows\System32\Wbem\WMIC.exe

WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\Desktop\Win32\Backdoor.Win32.APT34.PoisonFrogC2\Poison Frog\server side\9999999999.bat" "

C:\Windows\system32\whoami.exe

whoami

C:\Windows\system32\HOSTNAME.EXE

hostname

C:\Windows\system32\ipconfig.exe

ipconfig /all

C:\Windows\system32\net.exe

net user /domain

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 user /domain

C:\Windows\system32\net.exe

net group /domain

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 group /domain

C:\Windows\system32\net.exe

net group "domain admins" /domain

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 group "domain admins" /domain

C:\Windows\system32\net.exe

net group "Exchange Trusted Subsystem" /domain

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 group "Exchange Trusted Subsystem" /domain

C:\Windows\system32\net.exe

net accounts /domain

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 accounts /domain

C:\Windows\system32\net.exe

net user

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 user

C:\Windows\system32\net.exe

net localgroup administrators

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 localgroup administrators

C:\Windows\system32\NETSTAT.EXE

netstat -an

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\systeminfo.exe

systeminfo

C:\Windows\system32\reg.exe

reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default"

C:\Windows\system32\schtasks.exe

schtasks /query /FO List /TN "GoogleUpdatesTaskMachineUI" /V

C:\Windows\system32\findstr.exe

findstr /b /n /c:"Repeat: Every:"

C:\Windows\System32\Wbem\WMIC.exe

WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1048,11751380809338471988,9647551527768928257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\Win32\Backdoor.Win32.APT34.PoisonFrogC2\Poison Frog\server side\config.json

Network

Country Destination Domain Proto
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
NL 172.217.168.237:443 accounts.google.com tcp
NL 142.250.179.174:443 clients2.google.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
NL 142.250.179.174:443 clients2.google.com tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 dns.google udp
NL 172.217.168.193:443 clients2.googleusercontent.com udp
NL 172.217.168.193:443 clients2.googleusercontent.com tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.142:443 apis.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.4.4:443 dns.google udp
US 35.186.225.202:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 dns.google udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
NL 142.250.179.163:443 udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
NL 142.250.179.163:443 udp
US 8.8.4.4:443 dns.google udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
NL 142.250.179.163:443 udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
NL 142.250.179.163:443 udp
US 8.8.4.4:443 dns.google udp
NL 172.217.168.206:443 tcp
NL 172.217.168.206:443 tcp
NL 172.217.168.206:443 tcp
NL 172.217.168.206:443 tcp
NL 172.217.168.206:443 udp
DE 51.195.68.163:443 www.win-rar.com tcp
US 8.8.8.8:53 dns.google udp
NL 142.250.179.142:443 udp
US 8.8.4.4:443 dns.google udp
NL 142.251.39.110:443 play.google.com tcp
NL 142.251.39.110:443 udp
DE 51.195.68.163:443 tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
NL 142.251.39.110:443 sb-ssl.google.com tcp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.163:443 udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 dns.google udp
NL 142.250.179.163:443 udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
NL 142.250.179.163:443 udp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.147:443 beacons.gcp.gvt2.com tcp
NL 142.250.179.174:443 clients2.google.com tcp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
NL 142.250.179.163:443 udp
US 8.8.4.4:443 dns.google udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.163:443 udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
NL 142.250.179.163:443 udp

Files

\??\pipe\crashpad_2012_LMNKSWHLNQMKQMDZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 d4239683ff8022449f501b5b5986b630
SHA1 bfc88141f59b3b90d4b5edb0d7ead95c4674bad6
SHA256 01d7a80cc0c9291b4ad9b005caef1efe94964d2014632e6a5c20acf83ca9ed10
SHA512 3e2d3aac9ff1ee015d601f9c8f6d97f5e3e6d2ecec062dca341d3ba1b1a2fee6aa62605a924a3531970d39448c246c0eda5a45ad4d52c5011e9664ca26543846

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 d4239683ff8022449f501b5b5986b630
SHA1 bfc88141f59b3b90d4b5edb0d7ead95c4674bad6
SHA256 01d7a80cc0c9291b4ad9b005caef1efe94964d2014632e6a5c20acf83ca9ed10
SHA512 3e2d3aac9ff1ee015d601f9c8f6d97f5e3e6d2ecec062dca341d3ba1b1a2fee6aa62605a924a3531970d39448c246c0eda5a45ad4d52c5011e9664ca26543846

\Users\Admin\Downloads\winrar-x64-611.exe

MD5 8a6217d94e1bcbabdd1dfcdcaa83d1b3
SHA1 99b81b01f277540f38ea3e96c9c6dc2a57dfeb92
SHA256 3023edb4fc3f7c2ebad157b182b62848423f6fa20d180b0df689cbb503a49684
SHA512 a8f6f6fdfa9d754a577b7dd885a938fb9149f113baa2afb6352df622cdb73242175a06cd567e971fd3de93a126ba05b78178d5d512720d8fdb87ececce2cbf54

\Users\Admin\Downloads\winrar-x64-611.exe

MD5 8a6217d94e1bcbabdd1dfcdcaa83d1b3
SHA1 99b81b01f277540f38ea3e96c9c6dc2a57dfeb92
SHA256 3023edb4fc3f7c2ebad157b182b62848423f6fa20d180b0df689cbb503a49684
SHA512 a8f6f6fdfa9d754a577b7dd885a938fb9149f113baa2afb6352df622cdb73242175a06cd567e971fd3de93a126ba05b78178d5d512720d8fdb87ececce2cbf54

\Users\Admin\Downloads\winrar-x64-611.exe

MD5 8a6217d94e1bcbabdd1dfcdcaa83d1b3
SHA1 99b81b01f277540f38ea3e96c9c6dc2a57dfeb92
SHA256 3023edb4fc3f7c2ebad157b182b62848423f6fa20d180b0df689cbb503a49684
SHA512 a8f6f6fdfa9d754a577b7dd885a938fb9149f113baa2afb6352df622cdb73242175a06cd567e971fd3de93a126ba05b78178d5d512720d8fdb87ececce2cbf54

\Users\Admin\Downloads\winrar-x64-611.exe

MD5 8a6217d94e1bcbabdd1dfcdcaa83d1b3
SHA1 99b81b01f277540f38ea3e96c9c6dc2a57dfeb92
SHA256 3023edb4fc3f7c2ebad157b182b62848423f6fa20d180b0df689cbb503a49684
SHA512 a8f6f6fdfa9d754a577b7dd885a938fb9149f113baa2afb6352df622cdb73242175a06cd567e971fd3de93a126ba05b78178d5d512720d8fdb87ececce2cbf54

memory/3052-62-0x0000000000000000-mapping.dmp

\Users\Admin\Downloads\winrar-x64-611.exe

MD5 8a6217d94e1bcbabdd1dfcdcaa83d1b3
SHA1 99b81b01f277540f38ea3e96c9c6dc2a57dfeb92
SHA256 3023edb4fc3f7c2ebad157b182b62848423f6fa20d180b0df689cbb503a49684
SHA512 a8f6f6fdfa9d754a577b7dd885a938fb9149f113baa2afb6352df622cdb73242175a06cd567e971fd3de93a126ba05b78178d5d512720d8fdb87ececce2cbf54

C:\Users\Admin\Downloads\winrar-x64-611.exe

MD5 8a6217d94e1bcbabdd1dfcdcaa83d1b3
SHA1 99b81b01f277540f38ea3e96c9c6dc2a57dfeb92
SHA256 3023edb4fc3f7c2ebad157b182b62848423f6fa20d180b0df689cbb503a49684
SHA512 a8f6f6fdfa9d754a577b7dd885a938fb9149f113baa2afb6352df622cdb73242175a06cd567e971fd3de93a126ba05b78178d5d512720d8fdb87ececce2cbf54

memory/3052-64-0x000007FEFBCC1000-0x000007FEFBCC3000-memory.dmp

C:\Users\Admin\Downloads\winrar-x64-611.exe

MD5 8a6217d94e1bcbabdd1dfcdcaa83d1b3
SHA1 99b81b01f277540f38ea3e96c9c6dc2a57dfeb92
SHA256 3023edb4fc3f7c2ebad157b182b62848423f6fa20d180b0df689cbb503a49684
SHA512 a8f6f6fdfa9d754a577b7dd885a938fb9149f113baa2afb6352df622cdb73242175a06cd567e971fd3de93a126ba05b78178d5d512720d8fdb87ececce2cbf54

\Users\Admin\Downloads\winrar-x64-611.exe

MD5 8a6217d94e1bcbabdd1dfcdcaa83d1b3
SHA1 99b81b01f277540f38ea3e96c9c6dc2a57dfeb92
SHA256 3023edb4fc3f7c2ebad157b182b62848423f6fa20d180b0df689cbb503a49684
SHA512 a8f6f6fdfa9d754a577b7dd885a938fb9149f113baa2afb6352df622cdb73242175a06cd567e971fd3de93a126ba05b78178d5d512720d8fdb87ececce2cbf54

\Program Files\WinRAR\Uninstall.exe

MD5 92667e28583a9489e3cf4f1a7fd6636e
SHA1 faa09990ba4daae970038ed44e3841151d6e7f28
SHA256 9147293554ad43920bcf763ffd6e1183c36b9f8156dc220548426a187a5f2959
SHA512 63555a15f153df59b2ca2ab56cd20d71420eb5c9977bcf774723d8484157172b027f71fb2f7a4692aecc6e471f50beec2e0f7a43e57449714caede1e9684c0b8

memory/948-82-0x0000000000000000-mapping.dmp

C:\Program Files\WinRAR\Uninstall.exe

MD5 92667e28583a9489e3cf4f1a7fd6636e
SHA1 faa09990ba4daae970038ed44e3841151d6e7f28
SHA256 9147293554ad43920bcf763ffd6e1183c36b9f8156dc220548426a187a5f2959
SHA512 63555a15f153df59b2ca2ab56cd20d71420eb5c9977bcf774723d8484157172b027f71fb2f7a4692aecc6e471f50beec2e0f7a43e57449714caede1e9684c0b8

\Program Files\WinRAR\Uninstall.exe

MD5 92667e28583a9489e3cf4f1a7fd6636e
SHA1 faa09990ba4daae970038ed44e3841151d6e7f28
SHA256 9147293554ad43920bcf763ffd6e1183c36b9f8156dc220548426a187a5f2959
SHA512 63555a15f153df59b2ca2ab56cd20d71420eb5c9977bcf774723d8484157172b027f71fb2f7a4692aecc6e471f50beec2e0f7a43e57449714caede1e9684c0b8

\Program Files\WinRAR\Uninstall.exe

MD5 92667e28583a9489e3cf4f1a7fd6636e
SHA1 faa09990ba4daae970038ed44e3841151d6e7f28
SHA256 9147293554ad43920bcf763ffd6e1183c36b9f8156dc220548426a187a5f2959
SHA512 63555a15f153df59b2ca2ab56cd20d71420eb5c9977bcf774723d8484157172b027f71fb2f7a4692aecc6e471f50beec2e0f7a43e57449714caede1e9684c0b8

\Program Files\WinRAR\WinRAR.exe

MD5 0b114fc0f4b6d49f57b3b01dd9ea6a8c
SHA1 23e1480c3ff3a54e712d759e9325d362bf52fabd
SHA256 f0f312fe14599d7379aa247c1d0cc6100db45bfe7f277113134a8157950bcacd
SHA512 e31c3a3da5e72a9d72e245d6e5dcc7c92e4cfcbb6bdbb61061e0586e29f77e8b42a81a0bba99ce45e148a2423907878fb858c40cc1008ef9d90fb8e4e2fcd573

C:\Program Files\WinRAR\WinRAR.exe

MD5 0b114fc0f4b6d49f57b3b01dd9ea6a8c
SHA1 23e1480c3ff3a54e712d759e9325d362bf52fabd
SHA256 f0f312fe14599d7379aa247c1d0cc6100db45bfe7f277113134a8157950bcacd
SHA512 e31c3a3da5e72a9d72e245d6e5dcc7c92e4cfcbb6bdbb61061e0586e29f77e8b42a81a0bba99ce45e148a2423907878fb858c40cc1008ef9d90fb8e4e2fcd573

C:\Program Files\WinRAR\WinRAR.chm

MD5 81b236ef16aaa6a3936fd449b12b82a2
SHA1 698acb3c862c7f3ecf94971e4276e531914e67bc
SHA256 d37819e64ecb61709fcf3435eb9bed790f75163057e36fb94a3465ca353ccc5e
SHA512 968fe20d6fe6879939297b8683da1520a1e0d2b9a5107451fca70b91802492e243976f56090c85eb9f38fca8f74134b8b6aa133ba2e2806d763c9f8516ace769

C:\Program Files\WinRAR\Rar.txt

MD5 8933d6e810668af29d7ba8f1c3b2b9ff
SHA1 760cbb236c4ca6e0003582aaefd72ff8b1c872aa
SHA256 cd3ba458c88bdf8924ebb404c8505d627e6ac7aadc6e351562c1894019604fc7
SHA512 344d737228483add83d5f2b31ae9582ca78013dc4be967f2cdafca24145970e3cb46d75373996150a3c9119ebc81ce9ac50e16696c17a4dea65c9571ef8e745e

C:\Program Files\WinRAR\WhatsNew.txt

MD5 d4c768c52ee077eb09bac094f4af8310
SHA1 c56ae6b4464799fcdc87c5ff5a49ac1ad43482b1
SHA256 8089dfbebdf2142c7f60f5c12098859417b3c997f0b24b696ccaa78a50f3726c
SHA512 5b794b19b5ff10f7356a46f02204d0df3183037bc89d32e3f2c2978ea8f90ac6367fcb225b476cb7c8a3035d82ca1e328791271d3a58b40b9759d4b65e83f847

\Program Files\WinRAR\WinRAR.exe

MD5 0b114fc0f4b6d49f57b3b01dd9ea6a8c
SHA1 23e1480c3ff3a54e712d759e9325d362bf52fabd
SHA256 f0f312fe14599d7379aa247c1d0cc6100db45bfe7f277113134a8157950bcacd
SHA512 e31c3a3da5e72a9d72e245d6e5dcc7c92e4cfcbb6bdbb61061e0586e29f77e8b42a81a0bba99ce45e148a2423907878fb858c40cc1008ef9d90fb8e4e2fcd573

\Program Files\WinRAR\Uninstall.exe

MD5 92667e28583a9489e3cf4f1a7fd6636e
SHA1 faa09990ba4daae970038ed44e3841151d6e7f28
SHA256 9147293554ad43920bcf763ffd6e1183c36b9f8156dc220548426a187a5f2959
SHA512 63555a15f153df59b2ca2ab56cd20d71420eb5c9977bcf774723d8484157172b027f71fb2f7a4692aecc6e471f50beec2e0f7a43e57449714caede1e9684c0b8

\Program Files\WinRAR\WinRAR.exe

MD5 0b114fc0f4b6d49f57b3b01dd9ea6a8c
SHA1 23e1480c3ff3a54e712d759e9325d362bf52fabd
SHA256 f0f312fe14599d7379aa247c1d0cc6100db45bfe7f277113134a8157950bcacd
SHA512 e31c3a3da5e72a9d72e245d6e5dcc7c92e4cfcbb6bdbb61061e0586e29f77e8b42a81a0bba99ce45e148a2423907878fb858c40cc1008ef9d90fb8e4e2fcd573

memory/1244-99-0x0000000000000000-mapping.dmp

memory/2680-100-0x0000000000000000-mapping.dmp

memory/904-101-0x0000000000000000-mapping.dmp

memory/2628-102-0x0000000000000000-mapping.dmp

memory/2240-103-0x0000000000000000-mapping.dmp

memory/2540-104-0x0000000000000000-mapping.dmp

memory/2340-105-0x0000000000000000-mapping.dmp

memory/2200-106-0x0000000000000000-mapping.dmp

memory/2184-107-0x0000000000000000-mapping.dmp

memory/2092-108-0x0000000000000000-mapping.dmp

memory/2228-109-0x0000000000000000-mapping.dmp

memory/1248-110-0x0000000000000000-mapping.dmp

memory/2444-111-0x0000000000000000-mapping.dmp

memory/3004-112-0x0000000000000000-mapping.dmp

memory/1728-113-0x0000000000000000-mapping.dmp

memory/1364-114-0x0000000000000000-mapping.dmp

memory/1444-115-0x0000000000000000-mapping.dmp

memory/1296-116-0x0000000000000000-mapping.dmp

memory/2532-117-0x0000000000000000-mapping.dmp

memory/2940-118-0x0000000000000000-mapping.dmp

memory/1920-119-0x0000000000000000-mapping.dmp

memory/2064-120-0x0000000000000000-mapping.dmp

memory/2944-121-0x0000000000000000-mapping.dmp

memory/840-122-0x0000000000000000-mapping.dmp

memory/2344-123-0x0000000000000000-mapping.dmp

memory/2808-124-0x0000000000000000-mapping.dmp

memory/3000-125-0x0000000000000000-mapping.dmp

memory/2448-126-0x0000000000000000-mapping.dmp

memory/2288-127-0x0000000000000000-mapping.dmp

memory/2848-128-0x0000000000000000-mapping.dmp

memory/3008-129-0x0000000000000000-mapping.dmp

memory/2816-130-0x0000000000000000-mapping.dmp

memory/2796-131-0x0000000000000000-mapping.dmp

memory/1768-132-0x0000000000000000-mapping.dmp

memory/2712-133-0x0000000000000000-mapping.dmp

memory/2900-134-0x0000000000000000-mapping.dmp

memory/2716-135-0x0000000000000000-mapping.dmp

memory/2104-136-0x0000000000000000-mapping.dmp

memory/2740-137-0x0000000000000000-mapping.dmp

memory/2648-138-0x0000000000000000-mapping.dmp

memory/1912-139-0x0000000000000000-mapping.dmp

memory/1244-140-0x0000000000000000-mapping.dmp

memory/2680-141-0x0000000000000000-mapping.dmp

memory/2372-142-0x0000000000000000-mapping.dmp

memory/2628-143-0x0000000000000000-mapping.dmp

memory/2040-144-0x0000000000000000-mapping.dmp

memory/2392-145-0x0000000000000000-mapping.dmp

memory/1400-146-0x0000000000000000-mapping.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-03-24 12:25

Reported

2022-03-24 12:49

Platform

win10v2004-en-20220113

Max time kernel

172s

Max time network

697s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\252f1a88526683b9dd18c1a7371533e989578b5118975adf93cd8a0891e3cbef.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\252f1a88526683b9dd18c1a7371533e989578b5118975adf93cd8a0891e3cbef.zip

Network

Country Destination Domain Proto
US 209.197.3.8:80 tcp
US 209.197.3.8:80 tcp

Files

N/A