asyncrat | hxxps://www[.]youtube[.]com/redirect?event=comments&redir_token=QUFFLUhqbEVYU3RRVG5ESHlQc1JGby1GeFYwaE0zb053UXxBQ3Jtc0trTEtyM0RVQklIVlZtbWtYcUMxLXQwd1FrazBOMTN5OGlCQ0ZzUzRabVVhdElGUGhqWjVFdnJ6LUo5VmhyOXBMakRYbDhCdEEzYlU0VEVON284OVdMWXdBdTMzZlNaNUNJQW9YVEZkcFBoMFJWcGs2MA&q=https%3A%2F%2Fwww[.]upload[.]ee%2Ffiles%2F14989616%2FInjector[.]rar[.]html&stzid=UgzC99hc98uiIh_tQx94AaABAg

Analysis

max time kernel
175s
max time network
177s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
05-03-2023 07:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbEVYU3RRVG5ESHlQc1JGby1GeFYwaE0zb053UXxBQ3Jtc0trTEtyM0RVQklIVlZtbWtYcUMxLXQwd1FrazBOMTN5OGlCQ0ZzUzRabVVhdElGUGhqWjVFdnJ6LUo5VmhyOXBMakRYbDhCdEEzYlU0VEVON284OVdMWXdBdTMzZlNaNUNJQW9YVEZkcFBoMFJWcGs2MA&q=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F14989616%2FInjector.rar.html&stzid=UgzC99hc98uiIh_tQx94AaABAg

Score

10^/10

asyncrat redline sectoprat redline venom discovery infostealer rat spyware stealer trojan

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

venom

realtekhoster.ddns.net:1337

Mutex

mutex888

Attributes

delay
1
install
true
install_file
RealtekAudio.exe
install_folder
%AppData%

aes.plain

Extracted

Family

redline

Botnet

redline

not-qualities.at.ply.gg:59219

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 4 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\build.exe	family_redline
C:\Users\Admin\AppData\Roaming\build.exe	family_redline
C:\Users\Admin\AppData\Roaming\build.exe	family_redline
behavioral1/memory/1108-637-0x00000000008B0000-0x00000000008CE000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 4 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\build.exe	family_sectoprat
C:\Users\Admin\AppData\Roaming\build.exe	family_sectoprat
C:\Users\Admin\AppData\Roaming\build.exe	family_sectoprat
behavioral1/memory/1108-637-0x00000000008B0000-0x00000000008CE000-memory.dmp	family_sectoprat

Async RAT payload 4 IoCs

rat

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\Client.exe	asyncrat
C:\Users\Admin\AppData\Local\Temp\Client.exe	asyncrat
C:\Users\Admin\AppData\Local\Temp\Client.exe	asyncrat
behavioral1/memory/4556-583-0x00000000006D0000-0x00000000006E6000-memory.dmp	asyncrat

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Injector.exeInjector.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Control Panel\International\Geo\Nation	Injector.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Control Panel\International\Geo\Nation	Injector.exe

Executes dropped EXE 6 IoCs

Processes:

Injector.exeInjector.exeClient.exebuild.exeInjector.exeInjector.exe

pid process

1356 Injector.exe
5108 Injector.exe
4556 Client.exe
1108 build.exe
4400 Injector.exe
3640 Injector.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
1356	Injector.exe
5108	Injector.exe
4556	Client.exe
1108	build.exe
4400	Injector.exe
3640	Injector.exe

Drops file in Windows directory 4 IoCs

Processes:

taskmgr.exetaskmgr.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3596 4556 WerFault.exe Client.exe

pid	pid_target	process	target process
3596	4556	WerFault.exe	Client.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133224795421243804"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 4 IoCs

Processes:

Injector.exeInjector.exechrome.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance	Injector.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance	Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 58 IoCs

Processes:

chrome.exebuild.exetaskmgr.exechrome.exetaskmgr.exe

pid	process
4600	chrome.exe
4600	chrome.exe
1108	build.exe
1108	build.exe
1108	build.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
4688	chrome.exe
4688	chrome.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe
4104	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

3616 OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exe

pid	process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe7zG.exetaskmgr.exe

pid	process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4240	7zG.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe
1808	taskmgr.exe

Suspicious use of SetWindowsHookEx 27 IoCs

Processes:

OpenWith.exeAcroRd32.exe

pid	process
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
2172	AcroRd32.exe
2172	AcroRd32.exe
2172	AcroRd32.exe
2172	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4600 wrote to memory of 5012	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 5012	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4544	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4460	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 4460	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe
PID 4600 wrote to memory of 944	4600	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbEVYU3RRVG5ESHlQc1JGby1GeFYwaE0zb053UXxBQ3Jtc0trTEtyM0RVQklIVlZtbWtYcUMxLXQwd1FrazBOMTN5OGlCQ0ZzUzRabVVhdElGUGhqWjVFdnJ6LUo5VmhyOXBMakRYbDhCdEEzYlU0VEVON284OVdMWXdBdTMzZlNaNUNJQW9YVEZkcFBoMFJWcGs2MA&q=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F14989616%2FInjector.rar.html&stzid=UgzC99hc98uiIh_tQx94AaABAg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x88,0xd8,0x7fffbbcf9758,0x7fffbbcf9768,0x7fffbbcf9778
2⤵
PID:5012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:2
2⤵
PID:4544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:8
2⤵
PID:4460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:8
2⤵
PID:944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:1
2⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:1
2⤵
PID:4412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:8
2⤵
PID:3204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:8
2⤵
PID:3256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:8
2⤵
PID:3240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4832 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:1
2⤵
PID:496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3164 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:1
2⤵
PID:1408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4280 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:1
2⤵
PID:2300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4900 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:1
2⤵
PID:2256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5244 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:1
2⤵
PID:1416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5280 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:1
2⤵
PID:1576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:8
2⤵
PID:4564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5776 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:1
2⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5520 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:1
2⤵
PID:4816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6156 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:8
2⤵
PID:5088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:8
2⤵
PID:508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6552 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:1
2⤵
PID:4616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6648 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:1
2⤵
PID:3692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:8
2⤵
PID:2156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6880 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:8
2⤵
PID:2256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3044 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6192 --field-trial-handle=1816,i,1870019317071913617,2400472193057923189,131072 /prefetch:1
2⤵
PID:3628

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3640

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a4
1⤵
PID:984

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3616

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Injector.rar"
2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
3⤵
PID:1612

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DB588EB3E4A83B3A0218A5FC85ECA01C --mojo-platform-channel-handle=1600 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:308

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A6159D4313E37CEC0D76B40A10A3E369 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A6159D4313E37CEC0D76B40A10A3E369 --renderer-client-id=2 --mojo-platform-channel-handle=1624 --allow-no-sandbox-job /prefetch:1
4⤵
PID:2496

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5554C089E0FD58AD71774586747C1ECF --mojo-platform-channel-handle=2280 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:4576

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E0AC19387C0AA1C91CC3714399EA9751 --mojo-platform-channel-handle=1772 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:4952

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=62D3F777A1A55FD0384E114CC369DC1E --mojo-platform-channel-handle=1828 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:3516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2972

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap18480:78:7zEvent30861
1⤵
- Suspicious use of FindShellTrayWindow
PID:4240

C:\Users\Admin\Downloads\Injector\Injector.exe
"C:\Users\Admin\Downloads\Injector\Injector.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
PID:1356

C:\Users\Admin\AppData\Local\Temp\Injector.exe
"C:\Users\Admin\AppData\Local\Temp\Injector.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
PID:5108

C:\Users\Admin\AppData\Roaming\build.exe
"C:\Users\Admin\AppData\Roaming\build.exe"
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1108

C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
2⤵
- Executes dropped EXE
PID:4556

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4556 -s 1020
3⤵
- Program crash
PID:3596

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1808

C:\Users\Admin\Downloads\Injector\Injector.exe
"C:\Users\Admin\Downloads\Injector\Injector.exe"
1⤵
- Executes dropped EXE
PID:4400

C:\Users\Admin\Downloads\Injector\Injector.exe
"C:\Users\Admin\Downloads\Injector\Injector.exe"
1⤵
- Executes dropped EXE
PID:3640

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:4104

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
408B

MD5
ac950c1dbc0c62885f6a9af86c4a1b57

SHA1
d0d380b004b949b65de55a53df404058ab09de35

SHA256
b6d694a9b2d020dc8bc6b5f66571c144bd2bb807617e2979533b4cfa936f89b7

SHA512
ea7e9a98b8e75119f2d0668b903301aebcd160aeb17bfacbb3c4881af747162abaf042df2f6f67d7d05f2c3aeab6600a497ee2f6f3ea3960e17b9798010e1812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
720B

MD5
2d455d598429ae0311a380cc90191c1a

SHA1
aa13ad16ac524efc40ff49ecd4ae01cc61b7d25e

SHA256
57a0816e9b54ba11664707230e8374b755f48d636ba090ca82f3707e9ee14aac

SHA512
e7f274456812a2746b2e9c6459deed29700e324940fe2cbf9b58b8895ee62067df6b987bc767d27529578fc9f421fbe8c3c10cfdd1feaa6e883dec7e2b26e2b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
12cf2e92297c113305975b79335e4675

SHA1
2763234d9e609ea48e3dd79efc5c65db04190de2

SHA256
fd0b22f137147bb430f880564444c0458548ed0d133759faeef3a229db36c644

SHA512
4f321d8bb431f6af9de4be604dd22ae3fce285c06dfeb49f5a12ff89321b9c888941a0260a6e705feb74089a2774c7d343142e24e061025ba219fef4dfc28e22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
2706957addc65a98f746d4e038f745cf

SHA1
98864759d0e3c8f5d7a4464b53c2f469b628de95

SHA256
424cc12c657f8af8abe28bec2c0682822c2cfb809bd3fbfbebd34ca233cefb2a

SHA512
ca5c1771a1f5a60391daea6ceb358cfb1f527057224a091c8ddd069e6b2d6a99da98ced54296bf84be2f00b5cea276576a2d576c7ce50a344de66cee47abbf8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4a349a6ffd0c21587a083ce74f3576da

SHA1
554f73c96934e6a43af92d33bac1dd24cc68c657

SHA256
b36243b280f7b7a15f6346de5054107aa24100af35824daaee2396eb0bf26bc1

SHA512
bcbcd2714b840235a6fad91c937ff722f0420c073f91236b89b1f8925601f055c9bbc8c2ddc411ed7852635174cf273362f8641b52fa44a692f1c40f807ff422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
866a531e02a194e8d0e0565bac7fead4

SHA1
30c364966d7e029d95034c29968710e3132951f1

SHA256
a7b1df68c946b0a4908debea7ac392d591ef12a820e15f5b6a91f40d7457dc1c

SHA512
9313a23983d40f4848024a4b330c0d677c03acc61346bb3122dc667823e8bd22a75a00a3cc6a5662d61b30fb2844340145e1c68f178ec9181b9d66c9bff9d760

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4ebbfc22cb1b93ec7ba0cd87aecb5816

SHA1
e5b5f3b805731c9db1112b7e018175dd5e7d01a1

SHA256
ded5181ce9be529c2e91ae32ca03e096fefab057e90ac62875e2b929a0c3d732

SHA512
6234bbb7504211b4c9d4863f087db32a80e97a9907436040a7242a4c873795903b2ab1d7312598fe03f9cf921a9248805c4184f7addb4b8519c2ef0adbbf31f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f77c3ff0216e36eb05adea89fe6bdce4

SHA1
1d0f31dd97d9001432395f17083c2321c475a7bf

SHA256
bdbd542bd3fe48bc6609af508a3c82f30d44396ddfeeb5f2e8f89ce7378ae8ec

SHA512
53aa5988e7feb97925a8e5c27f4b8e85af8aed3beb6dd1dc0ce0dd2831fba4efc818eda0c1ff81f9d67f1b57cba268e69477fe2802319506205438dbf3c2afcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
960ed22c0ec862f7f726bd280e7ebbb7

SHA1
b56959266819303110170d6ab5f69d0332c0adc1

SHA256
3dd4ed7aba8c0881374e2d821e51269191784ed04317533470c87b9e870eee9b

SHA512
48dd82a34778fb0434128b3c7d8f18450f18284595395d24d69501ae33b689fe25c11a86940d26b9dbaa070981e1c3eab2d13e998dc3051475adde73a637feba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6527f5d251c3f89ec45b693f063ffb1a

SHA1
ebc48fbe7cafcfb84b13930c29dc05b0512afede

SHA256
4b5e3b931297e95bd6dadb1bd1c2d26192b5ea9899388fe572a700e13fec0de3

SHA512
fdf1d54835f2c189bfce9b43cfa02d37f5ba155f142b6324cf51da882e88d13d89d7f225a7a43acb33ceb7d1e0659c665318f9360603da2f98d92a4205b794cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2b6dbd9c6da4845c2bdafd79b1c8838a

SHA1
2e63a281e8e35463ac40895d8538bc91fe2095ad

SHA256
b15768f075665c755130d814f516121c26482a21cca881acaa2d441d2c8259cd

SHA512
f1da0ac418bcd9d490bf274c87c00f41ce1d4ad0e9e0ade18a0befe3ca4239077d53c16dfd638169a4c1047af7d9c8784ac88042b972486b0132f476ea3d2ea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6f8c236fa100cc777b10a338d0d403cb

SHA1
ce753857be0ab5407208ce652d74d0659ee566e6

SHA256
c823254c614797fc899c59586b23262e107997c0b7dadef2f030ce8bae8bb3d9

SHA512
9fabd863d9c02a28b9db5c2b2b53d7cb3f53499f7831aec00e4fddd75974571464aa02ae556e43cf2e64ebc777aad95fc48ab37159f367c6b8de756ec6a05f53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
143ed9cd7ad9196be4ac8936092cc7dd

SHA1
95c3d99091ae30b4747b1ee2015f09c4e703f3c6

SHA256
a84ac3acd38935b32a72deda6ae169b20c7490639010bc27689c17eff95633ab

SHA512
a7c889897f6113de10ff1b71a5e15e6b4a1816e069f3156b2af296c6da45e1431b461e2266de632e0e3fb4fd1af709e8ac17fa67ad99b02de1cfa61ab24f0951

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
782447d37872e6b9bb71c78d1f735de0

SHA1
4eebaeb4627c861dd6931b3070df3069b8b307d8

SHA256
18fac08ef78b38971c8d6af47f3b0d79f3572109d3143ea5a37aaba6031ac00b

SHA512
dfbce8f0bc7eca6e76d46d5e284e3d2f26e4dd403be39fc46320f0b3af56df81e36c1c0393472b203b1fd45eead4b3c6930e5ce705227c8211fa69bca5f28192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
142KB

MD5
cf246b7260b033fca85fe1ce85085e6c

SHA1
a04c6a59b6c7e06646d367ccc68556981d876edf

SHA256
da817f066b1c44bec1279f8509edd9adab03a4ffde8caf615ca52ed239a0c723

SHA512
3de6f4e7eff576f48adc914640815d9b0c57d7636c1fc546b685871886580ea85110ff7846b875989818e0191159bdb2354dd748124f64508279f35e6270590a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
142KB

MD5
8fa14794aaa004a62362d56e41fa87ae

SHA1
998a31e45cb5c948c34707cf970997b6de6f6889

SHA256
1f5fab1ce51a51ba3076d695c8db52685b428b51857448d78fa79a440beade8b

SHA512
877f815330424d0e876a7bae4337776eb7f85d2b1ee4e887399a9930d119230c43fa0c09f5ec3ef755b92c2e08a964ba0f73fa46450cd362397cfea3f91946f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
142KB

MD5
8fa14794aaa004a62362d56e41fa87ae

SHA1
998a31e45cb5c948c34707cf970997b6de6f6889

SHA256
1f5fab1ce51a51ba3076d695c8db52685b428b51857448d78fa79a440beade8b

SHA512
877f815330424d0e876a7bae4337776eb7f85d2b1ee4e887399a9930d119230c43fa0c09f5ec3ef755b92c2e08a964ba0f73fa46450cd362397cfea3f91946f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
112KB

MD5
8775b68eb97210e467a5d94b44cae208

SHA1
6c44a3fae2c15ba3071a8b690d4e5f7c2999be6b

SHA256
470a44f4b3a1a7fa46faf9ed4ca7262b20762f09550a3615140d2eb865022f9e

SHA512
78762e423dd80147fabc7bb5a02077239445f23910d35eb968e29ebe25f3c57614369240792360614193d98c34ce8ad1fa4a3b44ef2baab1aa54c6fc1ec2fcb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56eeba.TMP
Filesize
93KB

MD5
7c657bec31e9794f53a2ea02462e11f6

SHA1
c76675aa0473d8cdd0f8d7783f8a1169eba3099a

SHA256
9cc8d7e92b80972aec820242a2581c6d9d29504e1fef2c553ed3453e92d56733

SHA512
063771ed7ddf526e9885e61c8662d4cb2d2f90c028861df9d0d519ac99f5b79b7cb66c5e4164218ee523554e1bd41e75889136b587448c33226414d7384b241d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
14KB

MD5
d852299b38f5955ca53f22c39584a0dd

SHA1
7f0d60b65b369ee3df5092504eec4239c460b419

SHA256
111b1a7cb30340dbdfaa913b859cd1a27ae0624240e7832106b57bb67d7886b5

SHA512
f0d87ebd52ec36440fe0338efcf030acebc1016a2b590c95e57bc7a944401afe4caa4e57bae4433858dbe9ce5a4221e67220a0860324710c4a7553955a166028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\3877292338.pri
Filesize
162KB

MD5
0d02b03a068d671348931cc20c048422

SHA1
67b6deacf1303acfcbab0b158157fdc03a02c8d5

SHA256
44f4263d65889ea8f0db3c6e31a956a4664e9200aba2612c9be7016feeb323c0

SHA512
805e7b4fafed39dec5ecc2ede0c65b6e103e6757e0bd43ecdce7c00932f59e3e7a68d2ea0818244dfeb691b022c1ccca590a3f4239f99e1cd8a29ba66daed358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\810424605.pri
Filesize
2KB

MD5
a2942665b12ed000cd2ac95adef8e0cc

SHA1
ac194f8d30f659131d1c73af8d44e81eccab7fde

SHA256
bdc5de6c42c523a333c26160d212c62385b03f5ebdae5aa8c5d025ff3f8aa374

SHA512
4e5ba962ba97656974c390b45302d60f4c82d604feb6199d44e80497a40d0b0a9fd119ca17ac184809ca0821ab6813292892c433ed7277f65c275f37a96070b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Client.exe
Filesize
63KB

MD5
d1148e1b7b20e11825033cac8c3e22d7

SHA1
126efafb98e807f46d160b8433b964c796467775

SHA256
014046adec14dc69618b1be44044746d5a0053ff421a5f68fe4a8029318552e1

SHA512
341e0ce8c75ad1032b9002d214c4bf28fcf3648985c467230efed69a33e4c304d754159d03cd2cca7266a482a8a6b9a77cac92bc606cd2af2e25a2af046c0f3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Client.exe
Filesize
63KB

MD5
d1148e1b7b20e11825033cac8c3e22d7

SHA1
126efafb98e807f46d160b8433b964c796467775

SHA256
014046adec14dc69618b1be44044746d5a0053ff421a5f68fe4a8029318552e1

SHA512
341e0ce8c75ad1032b9002d214c4bf28fcf3648985c467230efed69a33e4c304d754159d03cd2cca7266a482a8a6b9a77cac92bc606cd2af2e25a2af046c0f3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Client.exe
Filesize
63KB

MD5
d1148e1b7b20e11825033cac8c3e22d7

SHA1
126efafb98e807f46d160b8433b964c796467775

SHA256
014046adec14dc69618b1be44044746d5a0053ff421a5f68fe4a8029318552e1

SHA512
341e0ce8c75ad1032b9002d214c4bf28fcf3648985c467230efed69a33e4c304d754159d03cd2cca7266a482a8a6b9a77cac92bc606cd2af2e25a2af046c0f3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Injector.exe
Filesize
93KB

MD5
a317f4394c353c241aa4230bf7af273e

SHA1
13c3dedbe62ec638f8a7d4a41a2aa6a7af3bfebf

SHA256
d9504058bb52273f740c96093e08d81259b82a22ede153398a1e2b3102c15466

SHA512
019b241819e93504caaf096cc0485ce4a4aa280b67fc03e3c1184ada6da334a47e2c407ba5ca4dc075fd931ed853a7e9a39e3cec158a0f7f9bf05f5b2c6a9741

Download Submit
C:\Users\Admin\AppData\Local\Temp\Injector.exe
Filesize
93KB

MD5
a317f4394c353c241aa4230bf7af273e

SHA1
13c3dedbe62ec638f8a7d4a41a2aa6a7af3bfebf

SHA256
d9504058bb52273f740c96093e08d81259b82a22ede153398a1e2b3102c15466

SHA512
019b241819e93504caaf096cc0485ce4a4aa280b67fc03e3c1184ada6da334a47e2c407ba5ca4dc075fd931ed853a7e9a39e3cec158a0f7f9bf05f5b2c6a9741

Download Submit
C:\Users\Admin\AppData\Local\Temp\Injector.exe
Filesize
93KB

MD5
a317f4394c353c241aa4230bf7af273e

SHA1
13c3dedbe62ec638f8a7d4a41a2aa6a7af3bfebf

SHA256
d9504058bb52273f740c96093e08d81259b82a22ede153398a1e2b3102c15466

SHA512
019b241819e93504caaf096cc0485ce4a4aa280b67fc03e3c1184ada6da334a47e2c407ba5ca4dc075fd931ed853a7e9a39e3cec158a0f7f9bf05f5b2c6a9741

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp8FED.tmp
Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp9050.tmp
Filesize
92KB

MD5
7b8fce002a4226440336bb820df16ce0

SHA1
2c01f79baedc0d595a7b614dd3e8856059a073c1

SHA256
38631485d25760a44d157bde164d0bd5785d37f183c62715960170df1f6a4066

SHA512
ac46dcefa71a43e059834963fc7bc8e58079d7eea69daf5f5ba8630fe07f0a10da9091126e91ea43d828a733039650dac17fb29398f1ab0adf70769093956ff3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp90E9.tmp
Filesize
96KB

MD5
d367ddfda80fdcf578726bc3b0bc3e3c

SHA1
23fcd5e4e0e5e296bee7e5224a8404ecd92cf671

SHA256
0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0

SHA512
40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77

Download Submit
C:\Users\Admin\AppData\Roaming\build.exe
Filesize
95KB

MD5
401ae697c9602127ccadf631c1fbd437

SHA1
53290d042e2890626421f2657a9d258ecb59aa33

SHA256
9887f49e92ce29898cf42e5c0e8113f0d3d4b61fb98d7f56a9abc27ee885858f

SHA512
723e6edd5f9dd5d730571ba17aa99c255e143ab4bf16b7c24e81f28536ff15b1c1fd9d5acb3cf3e19059e1f42790c3609721d364c156d67db5aa05e209f0b338

Download Submit
C:\Users\Admin\AppData\Roaming\build.exe
Filesize
95KB

MD5
401ae697c9602127ccadf631c1fbd437

SHA1
53290d042e2890626421f2657a9d258ecb59aa33

SHA256
9887f49e92ce29898cf42e5c0e8113f0d3d4b61fb98d7f56a9abc27ee885858f

SHA512
723e6edd5f9dd5d730571ba17aa99c255e143ab4bf16b7c24e81f28536ff15b1c1fd9d5acb3cf3e19059e1f42790c3609721d364c156d67db5aa05e209f0b338

Download Submit
C:\Users\Admin\AppData\Roaming\build.exe
Filesize
95KB

MD5
401ae697c9602127ccadf631c1fbd437

SHA1
53290d042e2890626421f2657a9d258ecb59aa33

SHA256
9887f49e92ce29898cf42e5c0e8113f0d3d4b61fb98d7f56a9abc27ee885858f

SHA512
723e6edd5f9dd5d730571ba17aa99c255e143ab4bf16b7c24e81f28536ff15b1c1fd9d5acb3cf3e19059e1f42790c3609721d364c156d67db5aa05e209f0b338

Download Submit
C:\Users\Admin\Downloads\Injector.rar
Filesize
170KB

MD5
216fb73ed4b91cf7bac317d1fcc6aa44

SHA1
a9a19d3c31c86e8155923a9739afefee43b9361e

SHA256
f74dbe46005822420854504310cb6c0fddb63a32eaa8155d35080a00884be3f3

SHA512
4fbf08d1a062763a627d4d620f7b503e5cb5c431bb29dfea3c025e28250ff72e2b4b992f2ef931b3fb5e53b1d161bd8776f7fde1d491d209c6f6623b1414ff0e

Download Submit
C:\Users\Admin\Downloads\Injector.rar
Filesize
170KB

MD5
216fb73ed4b91cf7bac317d1fcc6aa44

SHA1
a9a19d3c31c86e8155923a9739afefee43b9361e

SHA256
f74dbe46005822420854504310cb6c0fddb63a32eaa8155d35080a00884be3f3

SHA512
4fbf08d1a062763a627d4d620f7b503e5cb5c431bb29dfea3c025e28250ff72e2b4b992f2ef931b3fb5e53b1d161bd8776f7fde1d491d209c6f6623b1414ff0e

Download Submit
C:\Users\Admin\Downloads\Injector\Injector.exe
Filesize
205KB

MD5
a7e1e30180367895bdca6d2e16262937

SHA1
dcbd8b0031efa9c1804dbb9cc9dac17a3fa629c5

SHA256
6e57e5778f4bbefd4923230b6e754d959565e21571e2e6b93f2d73d6f1479e11

SHA512
f8a6e6dd9d7dc9c4814c88fef4407ae59a96c302cba6788244567ea07107ceb334037d7a52d9bed4f7f17aaf8725fa2097d8d20f79e921d4d37e3e2006c30e19

Download Submit
C:\Users\Admin\Downloads\Injector\Injector.exe
Filesize
205KB

MD5
a7e1e30180367895bdca6d2e16262937

SHA1
dcbd8b0031efa9c1804dbb9cc9dac17a3fa629c5

SHA256
6e57e5778f4bbefd4923230b6e754d959565e21571e2e6b93f2d73d6f1479e11

SHA512
f8a6e6dd9d7dc9c4814c88fef4407ae59a96c302cba6788244567ea07107ceb334037d7a52d9bed4f7f17aaf8725fa2097d8d20f79e921d4d37e3e2006c30e19

Download Submit
C:\Users\Admin\Downloads\Injector\Injector.exe
Filesize
205KB

MD5
a7e1e30180367895bdca6d2e16262937

SHA1
dcbd8b0031efa9c1804dbb9cc9dac17a3fa629c5

SHA256
6e57e5778f4bbefd4923230b6e754d959565e21571e2e6b93f2d73d6f1479e11

SHA512
f8a6e6dd9d7dc9c4814c88fef4407ae59a96c302cba6788244567ea07107ceb334037d7a52d9bed4f7f17aaf8725fa2097d8d20f79e921d4d37e3e2006c30e19

Download Submit
C:\Users\Admin\Downloads\Injector\Injector.exe
Filesize
205KB

MD5
a7e1e30180367895bdca6d2e16262937

SHA1
dcbd8b0031efa9c1804dbb9cc9dac17a3fa629c5

SHA256
6e57e5778f4bbefd4923230b6e754d959565e21571e2e6b93f2d73d6f1479e11

SHA512
f8a6e6dd9d7dc9c4814c88fef4407ae59a96c302cba6788244567ea07107ceb334037d7a52d9bed4f7f17aaf8725fa2097d8d20f79e921d4d37e3e2006c30e19

Download Submit
\??\pipe\crashpad_4600_VVOJXBWFRCZEKTPG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1108-666-0x00000000069F0000-0x0000000006A0E000-memory.dmp

Filesize
120KB

Download
memory/1108-658-0x00000000053D0000-0x00000000054DA000-memory.dmp

Filesize
1.0MB

Download
memory/1108-661-0x0000000006580000-0x0000000006742000-memory.dmp

Filesize
1.8MB

Download
memory/1108-662-0x0000000006C80000-0x00000000071AC000-memory.dmp

Filesize
5.2MB

Download
memory/1108-663-0x00000000067F0000-0x0000000006882000-memory.dmp

Filesize
584KB

Download
memory/1108-664-0x0000000006890000-0x0000000006906000-memory.dmp

Filesize
472KB

Download
memory/1108-665-0x00000000076B0000-0x0000000007BAE000-memory.dmp

Filesize
5.0MB

Download
memory/1108-639-0x00000000050C0000-0x00000000050D2000-memory.dmp

Filesize
72KB

Download
memory/1108-667-0x0000000007640000-0x00000000076A6000-memory.dmp

Filesize
408KB

Download
memory/1108-640-0x0000000005160000-0x000000000519E000-memory.dmp

Filesize
248KB

Download
memory/1108-669-0x0000000005150000-0x0000000005160000-memory.dmp

Filesize
64KB

Download
memory/1108-638-0x0000000005770000-0x0000000005D76000-memory.dmp

Filesize
6.0MB

Download
memory/1108-651-0x00000000050E0000-0x000000000512B000-memory.dmp

Filesize
300KB

Download
memory/1108-652-0x0000000005150000-0x0000000005160000-memory.dmp

Filesize
64KB

Download
memory/1108-637-0x00000000008B0000-0x00000000008CE000-memory.dmp

Filesize
120KB

Download
memory/1356-497-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2172-660-0x0000000008060000-0x0000000008081000-memory.dmp

Filesize
132KB

Download
memory/3256-172-0x00007FFFC2C60000-0x00007FFFC2C61000-memory.dmp

Filesize
4KB

Download
memory/3256-173-0x00007FFFC2A80000-0x00007FFFC2A81000-memory.dmp

Filesize
4KB

Download
memory/4544-128-0x00007FFFC23D0000-0x00007FFFC23D1000-memory.dmp

Filesize
4KB

Download
memory/4556-650-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/4556-583-0x00000000006D0000-0x00000000006E6000-memory.dmp

Filesize
88KB

Download
memory/4556-668-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/5108-541-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download