Malware Analysis Report

2025-01-02 11:47

Sample ID 230103-w1xzxsfe7x
Target mmc-stable-win32.zip
SHA256 2ef69f36d3a99e423ae6b8de52168fd26656d0c274845270000b013043daac7e
Tags
bazarbackdoor backdoor
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2ef69f36d3a99e423ae6b8de52168fd26656d0c274845270000b013043daac7e

Threat Level: Known bad

The file mmc-stable-win32.zip was found to be: Known bad.

Malicious Activity Summary

bazarbackdoor backdoor

BazarBackdoor

Bazar/Team9 Backdoor payload

Downloads MZ/PE file

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in Windows directory

Drops file in Program Files directory

Checks processor information in registry

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-01-03 18:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-01-03 18:23

Reported

2023-01-03 18:27

Platform

win7-20221111-en

Max time kernel

139s

Max time network

140s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\mmc-stable-win32.zip

Signatures

BazarBackdoor

backdoor bazarbackdoor

Bazar/Team9 Backdoor payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre1.8.0_351\installer.exe C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\6df632.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\6df632.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\6df634.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1162.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI195E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1CB9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1D66.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\6df636.msi C:\Windows\system32\msiexec.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\PackageCode = "97BA944EF7A3CCC4488541CAD6E00626" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\ProductIcon = "C:\\Program Files\\Java\\jre1.8.0_351\\\\bin\\javaws.exe" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\6C5ADB75C34456D42B33823269140800 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\SourceList\Media\DiskPrompt = "[1]" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4EA42A62D9304AC4784BF2468130150F C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4EA42A62D9304AC4784BF2468130150F\jrecore C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\Version = "134221238" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\SourceList\Media\1 = "DISK1;1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\LocalLow\\Oracle\\Java\\jre1.8.0_351_x64\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\ProductName = "Java 8 Update 351 (64-bit)" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\SourceList\PackageName = "jre1.8.0_35164.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\LocalLow\\Oracle\\Java\\jre1.8.0_351_x64\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\6C5ADB75C34456D42B33823269140800\4EA42A62D9304AC4784BF2468130150F C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2028 wrote to memory of 1996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1188 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1188 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1188 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2028 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\mmc-stable-win32.zip

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ed4f50,0x7fef6ed4f60,0x7fef6ed4f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1116 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1412 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1808 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3288 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3576 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3728 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3636 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3576 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4124 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3848 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4224 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4252 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4220 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4456 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4444 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4760 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1540 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5132 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=536 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5368 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4632 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1080,1438092652629784605,7104950395037271718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5428 /prefetch:8

C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe"

C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding 53D99F27B271F596A7F3334DDC5F5E1C

C:\Program Files\Java\jre1.8.0_351\installer.exe

"C:\Program Files\Java\jre1.8.0_351\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_351\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180351F0}

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 accounts.google.com udp
N/A 8.8.8.8:53 clients2.google.com udp
N/A 172.217.168.237:443 accounts.google.com tcp
N/A 142.250.179.174:443 clients2.google.com tcp
N/A 8.8.8.8:53 edgedl.me.gvt1.com udp
N/A 34.104.35.123:80 edgedl.me.gvt1.com tcp
N/A 8.8.8.8:53 dns.google udp
N/A 8.8.8.8:53 dns.google udp
N/A 8.8.8.8:443 dns.google tcp
N/A 8.8.4.4:443 dns.google tcp
N/A 8.8.8.8:443 dns.google udp
N/A 142.250.179.131:443 ssl.gstatic.com tcp
N/A 142.250.179.142:443 apis.google.com tcp
N/A 142.251.39.110:443 tcp
N/A 142.251.39.110:443 tcp
N/A 142.251.39.110:443 tcp
N/A 142.251.39.110:443 tcp
N/A 142.251.39.110:443 tcp
N/A 142.251.39.110:443 tcp
N/A 84.53.185.139:443 www.java.com tcp
N/A 138.1.45.89:443 tcp
N/A 95.101.125.213:443 tcp
N/A 69.192.64.212:443 tcp
N/A 69.192.66.17:443 static.ocecdn.oraclecloud.com tcp
N/A 142.250.179.142:443 udp
N/A 142.251.39.110:443 udp
N/A 142.251.39.110:443 play.google.com tcp
N/A 142.251.39.110:443 udp
N/A 185.106.94.139:443 tcp
N/A 185.106.94.139:443 tcp
N/A 185.106.94.139:443 tcp
N/A 185.106.94.139:443 tcp
N/A 185.106.94.139:443 tcp
N/A 185.106.94.139:443 tcp
N/A 216.58.215.227:443 id.google.com tcp
N/A 216.58.215.227:443 udp
N/A 95.101.125.213:443 www.oracle.com tcp
N/A 69.192.64.212:443 c.oracleinfinity.io tcp
N/A 23.222.18.199:443 tcp
N/A 95.101.125.213:443 www.oracle.com tcp
N/A 69.192.64.212:443 c.oracleinfinity.io tcp
N/A 13.227.219.60:443 consent.trustarc.com tcp
N/A 138.1.45.89:443 tcp
N/A 138.1.45.89:443 tcp
N/A 95.101.58.226:443 tcp
N/A 13.36.218.177:443 oracle.112.2o7.net tcp
N/A 13.227.219.60:443 consent.trustarc.com tcp
N/A 23.72.252.160:443 tcp
N/A 23.72.252.176:443 tcp
N/A 23.72.252.131:443 tcp
N/A 23.72.252.153:443 tcp
N/A 138.1.45.89:443 tcp
N/A 138.1.45.89:443 tcp
N/A 138.1.45.89:443 tcp
N/A 138.1.45.89:443 tcp
N/A 138.1.45.89:443 tcp
N/A 138.1.45.89:443 tcp
N/A 69.192.71.29:443 tcp
N/A 69.192.71.29:443 tcp
N/A 2.20.8.83:443 sdlc-esd.oracle.com tcp
N/A 8.8.4.4:443 dns.google udp
N/A 8.8.8.8:53 dns.google udp
N/A 8.8.4.4:443 dns.google tcp
N/A 8.8.4.4:443 dns.google udp
N/A 142.251.36.14:443 sb-ssl.google.com tcp
N/A 224.0.0.251:5353 udp
N/A 8.8.8.8:53 javadl-esd-secure.oracle.com udp
N/A 23.65.205.24:443 javadl-esd-secure.oracle.com tcp
N/A 8.8.8.8:53 rps-svcs.oracle.com udp
N/A 23.65.205.24:443 rps-svcs.oracle.com tcp

Files

\??\pipe\crashpad_2028_HYUMMAUTDIRQEXWS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\Downloads\jre-8u351-windows-x64.exe

MD5 7542ec421a2f6e90751e8b64c22e0542
SHA1 d207d221a28ede5c2c8415f82c555989aa7068ba
SHA256 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6
SHA512 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc

\Users\Admin\Downloads\jre-8u351-windows-x64.exe

MD5 7542ec421a2f6e90751e8b64c22e0542
SHA1 d207d221a28ede5c2c8415f82c555989aa7068ba
SHA256 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6
SHA512 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc

\Users\Admin\Downloads\jre-8u351-windows-x64.exe

MD5 7542ec421a2f6e90751e8b64c22e0542
SHA1 d207d221a28ede5c2c8415f82c555989aa7068ba
SHA256 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6
SHA512 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc

\Users\Admin\Downloads\jre-8u351-windows-x64.exe

MD5 7542ec421a2f6e90751e8b64c22e0542
SHA1 d207d221a28ede5c2c8415f82c555989aa7068ba
SHA256 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6
SHA512 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc

memory/2472-60-0x0000000000000000-mapping.dmp

\Users\Admin\Downloads\jre-8u351-windows-x64.exe

MD5 7542ec421a2f6e90751e8b64c22e0542
SHA1 d207d221a28ede5c2c8415f82c555989aa7068ba
SHA256 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6
SHA512 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc

C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe

MD5 7542ec421a2f6e90751e8b64c22e0542
SHA1 d207d221a28ede5c2c8415f82c555989aa7068ba
SHA256 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6
SHA512 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc

\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe

MD5 dfcfc788d67437530a50177164db42b0
SHA1 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f
SHA256 a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1
SHA512 dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe

MD5 dfcfc788d67437530a50177164db42b0
SHA1 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f
SHA256 a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1
SHA512 dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

memory/1476-65-0x000007FEFBFB1000-0x000007FEFBFB3000-memory.dmp

memory/1476-63-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 0c12af4b515cff646901271c8c5dbfcd
SHA1 8f229178fbd550991af7ff956c88a30186403c4a
SHA256 2cc05f940919ad66762c1829cc57c78e25e903f056ccade5d763732f2a9fd6dd
SHA512 18d87817949f778d507516cda91afd11970c683b916bd9419eb0e4e837d624e3456ece24e0f9363d751d63618e82db9b71b627d9d9116c7468f8b1f6e31b6024

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 fc4666cbca561e864e7fdf883a9e6661
SHA1 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA256 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512 c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5eb4f95494db720ad4c74585bc580718
SHA1 54ee516c9f59d43cd296874cd292bed25aec4afc
SHA256 f6418254edcf99fb0a326bf0acd7698f42dee7a5042aa08afb7666b4f8cc47ec
SHA512 636314e18c988ce434edb09f19ed27961d9503ffa2c808a43d5ee222c797d4d31e0a57a562c9f3be1b1257aaaaa9b48fb8da0992ca85a3f5f2e13535cfc0a0af

C:\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe

MD5 dfcfc788d67437530a50177164db42b0
SHA1 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f
SHA256 a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1
SHA512 dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

\Users\Admin\AppData\Local\Temp\jds7164408.tmp\jre-8u351-windows-x64.exe

MD5 dfcfc788d67437530a50177164db42b0
SHA1 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f
SHA256 a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1
SHA512 dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351_x64\jre1.8.0_35164.msi

MD5 1794aaa17d114a315a95473c9780fc8b
SHA1 7f250c022b916b88e22254985e7552bc3ac8db04
SHA256 7682233d155e6d19f30cf61b185a02055be0dbcacd2c9accf90a99de21547eb4
SHA512 fb9defdf73786528e82ffc7e1ccfa03cfb687365ec740e9620993da785414306f03a7e1fa523192a9d690a882b012d1e426afd1757639f3ef5f1e612c01e6516

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5eb4f95494db720ad4c74585bc580718
SHA1 54ee516c9f59d43cd296874cd292bed25aec4afc
SHA256 f6418254edcf99fb0a326bf0acd7698f42dee7a5042aa08afb7666b4f8cc47ec
SHA512 636314e18c988ce434edb09f19ed27961d9503ffa2c808a43d5ee222c797d4d31e0a57a562c9f3be1b1257aaaaa9b48fb8da0992ca85a3f5f2e13535cfc0a0af

memory/2676-75-0x0000000000000000-mapping.dmp

C:\Windows\Installer\MSI1162.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 74d7fb9464dbd3803d00da93ba5bcbcb
SHA1 75a29e86c96602afd805c15bc6bdbadfb680252b
SHA256 5dabf662495df57f96ab4da5994bbddcf099fb2b4c9555d43e6f04214ecfe2e0
SHA512 ac6740578c9b32eb8d4f856849c8a40b49f9a7e310678e1384fb58b2f62b005a0ffe6b9b5709b425a8b647dc6fe10823b6c3f5e91e32dc8d9ee1d9abd443f3ed

\Windows\Installer\MSI1162.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Windows\Installer\MSI195E.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

\Windows\Installer\MSI195E.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Windows\Installer\MSI1D66.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

\Windows\Installer\MSI1D66.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

memory/2808-85-0x0000000000000000-mapping.dmp

\Program Files\Java\jre1.8.0_351\installer.exe

MD5 1eefd6622a798b8f12b4a22aa09fa2c7
SHA1 7d4b2c0ba590f89c7d0147edf00dc979de4d9294
SHA256 13a2b8d35b63c1ef1503d5659efab7c1ab7cd3f49fa9b9c07b55513107e52cbf
SHA512 c267524a83796ad8d5839343973a570855fdd4676e02adc09f3f89228341a1d2e9bcbaaded521f5acc2e75cdc9bc4ab612d7d9690ac1b8980e7e68a116023d01

C:\Program Files\Java\jre1.8.0_351\installer.exe

MD5 902f5ff90545f32ff0d5dad5f2f36860
SHA1 a57c9874152c00327d28b981e01101c046cd0bf5
SHA256 d9520b6b9a2de64b5dc05f9d373120f0a721e4713643b0ddef403dd7d72972ab
SHA512 b63ad456a87075d14e7996b65133fc77b9c6851e24f29d43cb4478fe4b7444a3e7994c2a3e2b3c549e8d7322e096e63b4291a4c7c57aae3b2fcc0842deffb4ff

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 e0dbfc304d8c1f54475595a1cbb07300
SHA1 ea344612611c89bfc3181bb1f9394c98db28025c
SHA256 2e081018bc3b67123498e3c3ac6efaa5b96f9203a640e67c98c311f350e5eec3
SHA512 117c10b8d8cd9e5dc96cdc4d4417735e355fee002d1b7adf3f1485f5c8957e428dfc8bdb43761173609a132e05936caf5c8ee047afeb1834b1fba22b1b42af41

Analysis: behavioral2

Detonation Overview

Submitted

2023-01-03 18:23

Reported

2023-01-03 18:27

Platform

win10v2004-20220901-en

Max time kernel

90s

Max time network

150s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\mmc-stable-win32.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\mmc-stable-win32.zip

Network

Country Destination Domain Proto
N/A 104.80.225.205:443 tcp
N/A 20.42.65.89:443 tcp
N/A 209.197.3.8:80 tcp
N/A 209.197.3.8:80 tcp
N/A 209.197.3.8:80 tcp

Files

N/A