Malware Analysis Report

2024-11-13 14:05

Sample ID 240225-rqmnzsee4x
Target https://ju8765rtyh.pro/?rmxwKjRD5Wdc7EMH8QY4zkT9OvfnBh0iCgsqNXulJ2ILtePV6Gbo3yZSUaFp-Xmf27iuV1bgY0lCZFeskxyDEUQHnLJBTOa-VdPSK7cAv3ZeQtaUkxl0O4EWMXjhYwry6IpiLgFbfuJ1HN58s9nD2CTRzoB
Tags
lumma stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The submitted target https://ju8765rtyh.pro/?rmxwKjRD5Wdc7EMH8QY4zkT9OvfnBh0iCgsqNXulJ2ILtePV6Gbo3yZSUaFp-Xmf27iuV1bgY0lCZFeskxyDEUQHnLJBTOa-VdPSK7cAv3ZeQtaUkxl0O4EWMXjhYwry6IpiLgFbfuJ1HN58s9nD2CTRzoB was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Checks processor information in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious behavior: MapViewOfSection

Modifies registry class

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-25 14:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-25 14:23

Reported

2024-02-25 14:27

Platform

win10v2004-20240221-en

Max time kernel

186s

Max time network

200s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ju8765rtyh.pro/?rmxwKjRD5Wdc7EMH8QY4zkT9OvfnBh0iCgsqNXulJ2ILtePV6Gbo3yZSUaFp-Xmf27iuV1bgY0lCZFeskxyDEUQHnLJBTOa-VdPSK7cAv3ZeQtaUkxl0O4EWMXjhYwry6IpiLgFbfuJ1HN58s9nD2CTRzoB

Signatures

Lumma Stealer

stealer lumma

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe | N/A

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: AddClipboardFormatListener

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2712 wrote to memory of 440 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 440 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 4604 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 3012 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 3012 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 2924 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ju8765rtyh.pro/?rmxwKjRD5Wdc7EMH8QY4zkT9OvfnBh0iCgsqNXulJ2ILtePV6Gbo3yZSUaFp-Xmf27iuV1bgY0lCZFeskxyDEUQHnLJBTOa-VdPSK7cAv3ZeQtaUkxl0O4EWMXjhYwry6IpiLgFbfuJ1HN58s9nD2CTRzoB

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb53446f8,0x7ffcb5344708,0x7ffcb5344718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,9156263155507223716,15985135012450027200,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2272,9156263155507223716,15985135012450027200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2272,9156263155507223716,15985135012450027200,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,9156263155507223716,15985135012450027200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,9156263155507223716,15985135012450027200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,9156263155507223716,15985135012450027200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,9156263155507223716,15985135012450027200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,9156263155507223716,15985135012450027200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,9156263155507223716,15985135012450027200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,9156263155507223716,15985135012450027200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,9156263155507223716,15985135012450027200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,9156263155507223716,15985135012450027200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2272,9156263155507223716,15985135012450027200,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5720 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x514 0x50c

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,9156263155507223716,15985135012450027200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2272,9156263155507223716,15985135012450027200,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5304 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2272,9156263155507223716,15985135012450027200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\" -spe -an -ai#7zMap32696:104:7zEvent30063

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\" -spe -an -ai#7zMap3082:188:7zEvent2822

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\monogyny.ppt" /ou ""

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe

"C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe

C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,9156263155507223716,15985135012450027200,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3808 /prefetch:2

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe

"C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe"

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe

"C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe

C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe

Network

Country  Destination           Domain                              Proto
US       8.8.8.8:53            ju8765rtyh.pro                      udp
US       104.21.79.240:443     ju8765rtyh.pro                      tcp
US       104.21.79.240:443     ju8765rtyh.pro                      tcp
US       8.8.8.8:53            4.159.190.20.in-addr.arpa           udp
US       8.8.8.8:53            static.mediafire.com                udp
US       104.16.114.74:443     static.mediafire.com                tcp
US       8.8.8.8:53            240.79.21.104.in-addr.arpa          udp
US       8.8.8.8:53            74.114.16.104.in-addr.arpa          udp
US       8.8.8.8:53            179.178.17.96.in-addr.arpa          udp
N/A      224.0.0.251:5353                                          udp
US       8.8.8.8:53            mega.nz                             udp
LU       31.216.144.5:443      mega.nz                             tcp
LU       31.216.144.5:443      mega.nz                             tcp
LU       31.216.144.5:443      mega.nz                             tcp
US       8.8.8.8:53            eu.static.mega.co.nz                udp
US       8.8.8.8:53            5.144.216.31.in-addr.arpa           udp
LU       89.44.169.132:443     eu.static.mega.co.nz                tcp
LU       89.44.169.132:443     eu.static.mega.co.nz                tcp
US       8.8.8.8:53            g.api.mega.co.nz                    udp
LU       66.203.125.14:443     g.api.mega.co.nz                    tcp
LU       66.203.125.14:443     g.api.mega.co.nz                    tcp
US       8.8.8.8:53            132.169.44.89.in-addr.arpa          udp
US       8.8.8.8:53            14.125.203.66.in-addr.arpa          udp
LU       89.44.169.132:443     eu.static.mega.co.nz                tcp
N/A      127.0.0.1:6341                                            tcp
N/A      127.0.0.1:6341                                            tcp
US       8.8.8.8:53            gfs270n364.userstorage.mega.co.nz   udp
LU       89.44.168.74:443      gfs270n364.userstorage.mega.co.nz   tcp
LU       89.44.168.74:443      gfs270n364.userstorage.mega.co.nz   tcp
LU       89.44.168.74:443      gfs270n364.userstorage.mega.co.nz   tcp
LU       89.44.168.74:443      gfs270n364.userstorage.mega.co.nz   tcp
LU       89.44.168.74:443      gfs270n364.userstorage.mega.co.nz   tcp
LU       89.44.168.74:443      gfs270n364.userstorage.mega.co.nz   tcp
US       8.8.8.8:53            74.168.44.89.in-addr.arpa           udp
US       8.8.8.8:53            86.23.85.13.in-addr.arpa            udp
US       8.8.8.8:53            171.39.242.20.in-addr.arpa          udp
US       8.8.8.8:53            217.135.221.88.in-addr.arpa         udp
US       8.8.8.8:53            240.221.184.93.in-addr.arpa         udp
US       8.8.8.8:53            46.28.109.52.in-addr.arpa           udp
US       8.8.8.8:53            91.65.42.20.in-addr.arpa            udp
US       8.8.8.8:53            90.16.208.104.in-addr.arpa          udp
US       8.8.8.8:53            technologyenterdo.shop              udp
US       172.67.180.132:443    technologyenterdo.shop              tcp
US       8.8.8.8:53            132.180.67.172.in-addr.arpa         udp
US       8.8.8.8:53            lighterepisodeheighte.fun           udp
US       8.8.8.8:53            problemregardybuiwo.fun             udp
US       8.8.8.8:53            detectordiscusser.shop              udp
US       104.21.60.92:443      detectordiscusser.shop              tcp
US       8.8.8.8:53            edurestunningcrackyow.fun           udp
US       8.8.8.8:53            pooreveningfuseor.pw                udp
US       8.8.8.8:53            turkeyunlikelyofw.shop              udp
US       172.67.202.191:443    turkeyunlikelyofw.shop              tcp
US       8.8.8.8:53            associationokeo.shop                udp
US       172.67.147.18:443     associationokeo.shop                tcp
US       8.8.8.8:53            92.60.21.104.in-addr.arpa           udp
US       8.8.8.8:53            191.202.67.172.in-addr.arpa         udp
US       8.8.8.8:53            18.147.67.172.in-addr.arpa          udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6fbbaffc5a50295d007ab405b0885ab5
SHA1 518e87df81db1dded184c3e4e3f129cca15baba1
SHA256 b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6
SHA512 011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

\??\pipe\LOCAL\crashpad_2712_YDZQLCSHMAODXWMB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 360dd5debf8bf7b89c4d88d29e38446c
SHA1 65afff8c78aeb12c577a523cb77cd58d401b0f82
SHA256 3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef
SHA512 0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7474b90c-70d5-4f30-9a9a-d46fdec8b87e.tmp

MD5 b3cc363ffe8c6d4e54d216283ab2a64a
SHA1 50ab3bc0e220ac283fcbcd7a8e29d91145c284bb
SHA256 d9d3a9f82f7ff978f38e4381177bb4f1d55b34717c5d29706a9edc369af5f7ef
SHA512 5688f26b730747e779e792e38206383c162909be27870596425f4b16195641991a0c760c9269eb21f4941ed4da8efcd59202d41d85df8c79c1d8ef1813278b58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b238719cb1dfa82dba194dc8c1edd703
SHA1 b2fc8be85db85cbdb3046e1ab25b1b333dd8b845
SHA256 748c455570bb112610470cb34fc89772e829119907bd94ca0379754b6837d26a
SHA512 0b937d26b7fd8d8375e1d98a280646a3631503067f52dab2e6ba7836529d14cc6a2c6314a7589fd292e95d23653d193f787db11eb6e1e33d9dd1ef09a790360f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4b2ad72f530eec7d287d0a34c3e2e3e1
SHA1 d1d042cbe5ada235f539d71d03e62a7e2ca579dd
SHA256 4cad78241d46e985027c153039fe7df51da12c0e81ee52d700a2a5100c23b8f2
SHA512 62fb5c219901bc38e4e8c55c79fb0e2c21aad49f8ef8af31d829f0c14e067c9eac90a0609ae992786e93b56db1588841d3a8f1ad18e901664efd5e7e86442ce0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 72fcb17919dd927a53ec66f4f7547ab9
SHA1 9b3b1e7b54eb36b32453bd70111177341d980b69
SHA256 54ecdd930196bb45e1429831d2f8002a0fcb26aec4f522c764a15c020b8c62b0
SHA512 0e7234352b583637e9a85a855313d86b146b26cefc98506097dd636585a587ace2160980d82ec745e9951687ae286c9e889afb88a494711bcd30e1c8ec993998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2413089329542339364eb3f17919c98e
SHA1 f13d8b075d4e5867f6317665e83c6663861bb638
SHA256 dcf6f1289a23bb50762cd461607a3da220f302e336572f7df3ee18dc3e1c5a66
SHA512 576b782e9b0ec53966ab655403ccc0369a6767e40a6ef1cf0160214995a0bf6f23ba393edb9c928a093f1bb82cca840fe262ead232dc83a8326b989a749bfa95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 aa2cc908af982940f31c7cb12a81695e
SHA1 9a42a838f584b3061e4d67b6f97f2e8d0fcdb16e
SHA256 7f726fecafcf88687e54ef8f2397d42000f46fba8ea8fa4646bdb3d525474079
SHA512 17cad57229cd8040f33531cfbfad4a3625af595d38dd564fe8016e84bda5afb664a9e5a6c3ea1a208e4279f1e84f4ce2dc2dee61823c2788892a284e113dc030

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583d52.TMP

MD5 c898930b12a75240bde791f8dc885d99
SHA1 816cd460d116ebc3de587266a3378e04a516d515
SHA256 ed44e189b2633f255bd161ff28838288cfd2370fdb8d51ba9fa9b1b8fcf4f594
SHA512 cb588b7475bb94b50d661417499ca4d167ef0321239ac0ccf377493044d1a0be7a67320914dd795b67056eab482f61abc7d2cd76413392262bce84d84017116a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2f6ccb5ad6db44ff96233626807f8bd1
SHA1 6dbb7ad284edf332dc722a5ea5f9bf92ad628251
SHA256 474be28653bd14efaf5fea51627dd1d00cd089344deeb7db87b0b9a928c812c9
SHA512 012f4fbc6e6c712770b298fa7536e1909f3ea5c2a7652d04be1b6750d6fd956c8b5d09fcba1e80b4bae8d8487d805adb378a946f61261d22092b61b521b53cfc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3e0920736167723570361fcf3f0f9c07
SHA1 a85cb945fdf2ad68c0366db45e746535a03b3500
SHA256 0acae4f6cdc03f134e51cef01c46db47aac75f62d1ab8c0ddae6de9bdac956cd
SHA512 92614919cd81c66e4035ae8ec4b1e362baaf363c7b780392b770110c78312c3e110bf87a3bd8ae817d2519b32f802689ea74fc55128681975272c9579969e38f

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009.zip

MD5 1d926b38036f1b7aad5bee9f5ac16444
SHA1 5491b2afeb424bda0f55c802e8374dac37656b63
SHA256 2cc3a15f8ebd2d1b9e0b1305b5a41ada6d9cdae7b325deabf2452f5498ecc377
SHA512 1298a153e1ee759c8870638fdcc70f4d27c41709765d8b742d47df758733843c130907a3660a1c451c6a67b9269c2ab896572d1eae92caa031937e393472ab65

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009.rar

MD5 adfcd34722b55bd8d5d1c4dc0db9267a
SHA1 ed6bf0c438730b283b2b0e560ad9143860142bde
SHA256 ee4657b06da59a3c4285040f758252fd42065be6363affb8e968e2f61c0e6949
SHA512 addc44fbf94154286399f3c7ef960006a4de987382533103cd336d6a0d49d6958223b07fa27c1d82a848d9138a58c20a1d6276ca83d0277be6e109e47fe52ed8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3a7ca718b86fd568f6560c947ac152b9
SHA1 ae4da93c121f1073cc913c1280939b3eaceef344
SHA256 bb9fe939cf57a02b81d4a6ed9b4e8381a76b596ae8a8919db18a7145212d2669
SHA512 7cd4308c99e816f36d09b264a639a9a6046b620cc899fcbfa38c46d8c2428a6b551a0bd6e6b15f68420e1c43f38114dac688da2d66e5aa682f4364aebd37b1ad

memory/3624-1191-0x00007FFC83DD0000-0x00007FFC83DE0000-memory.dmp

memory/3624-1192-0x00007FFC83DD0000-0x00007FFC83DE0000-memory.dmp

memory/3624-1193-0x00007FFC83DD0000-0x00007FFC83DE0000-memory.dmp

memory/3624-1195-0x00007FFC83DD0000-0x00007FFC83DE0000-memory.dmp

memory/3624-1194-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/3624-1196-0x00007FFC83DD0000-0x00007FFC83DE0000-memory.dmp

memory/3624-1197-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/3624-1198-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/3624-1199-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/3624-1200-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/3624-1201-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/3624-1203-0x00007FFC817F0000-0x00007FFC81800000-memory.dmp

memory/3624-1202-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/3624-1204-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/3624-1205-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/3624-1206-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/3624-1207-0x00007FFC817F0000-0x00007FFC81800000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

MD5 f48d64885af58127ee72f757504135b5
SHA1 fd2f64687d73ff30e9f2220f149b4e7aafe1cf11
SHA256 1c30f7de52048a8c4e7891f7a0ec92abe48b183d32bde1501bad5a605f978104
SHA512 ef6bb8b49a5f984e2064a2b64fe5f8159746a3041ece2a0475471067f5b2eafd3f59104c587c2d138bb8463a1d7024167f5fa2b7021d9d28c88e365c4f470eb3

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\monogyny.ppt

MD5 46b73023016fe02b3889f870ac6d8065
SHA1 4edfbaba380f5166a50f2d1ef568daa19c914ef2
SHA256 0d45462f43e214608e0ea4c7131f9585b4a93630e10bda2779159e467b03d81d
SHA512 f9e5b32ebf2946589717f8c3e4ed7a2909b580148018a7906c45becc2fc17395be7c73c0bb30fd43b81af58c164e2211c62d076010518c5053898aeff38674f9

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\Set-up.exe

MD5 ae224c5e196ff381836c9e95deebb7d5
SHA1 910446a2a0f4e53307b6fdeb1a3e236c929e2ef4
SHA256 bf933ccf86c55fc328e343b55dbf2e8ebd528e8a0a54f8f659cd0d4b4f261f26
SHA512 f845dbb13b04f76b6823bec48e1c47f96bcbd6d02a834c8b128ac750fe338b53f775ee2a8784e8c443d49dfcb918c5b9d59b5492a1fe18743b8ba65b7d12514c

memory/3624-1230-0x00007FFC83DD0000-0x00007FFC83DE0000-memory.dmp

memory/3624-1229-0x00007FFC83DD0000-0x00007FFC83DE0000-memory.dmp

memory/3624-1231-0x00007FFC83DD0000-0x00007FFC83DE0000-memory.dmp

memory/3624-1232-0x00007FFC83DD0000-0x00007FFC83DE0000-memory.dmp

memory/3624-1233-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/3624-1234-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\glib-2.0.dll

MD5 d758d195122d02386730e61f9b15c851
SHA1 efe898c58be6c7cec63576c10aa0f43029cd4bbc
SHA256 826f3989b1bac6fb12a2bb3130371303c20078a8a66baf5fe28e9fa5aa8300c8
SHA512 a6d6377c9b120c9c06a638569fe2357f6c739acd4b0c8ea8fa2e3be3c16572a784e7a984f5b7400d063ac423420f21db05533fc8d282290c315535eac8c8ef76

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\glib-2.0.dll

MD5 dde8ec308452d07134296e8522d42bad
SHA1 a47ed61bceee8c875fde716990a4c85531e9ea11
SHA256 0821b4bb372fab05a9a8842152f6bf3f4edd9709e0ebe8f5959f41c7d633836b
SHA512 f930b830e48a5a725ce7c73cc46a0dbb3dd0ab62c973103d5fd13b3a5e6445ddf02c17034d36090a9c90505e31c7527764205c37939887a472ca3974cc28dd1f

memory/3624-1251-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/3624-1249-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\iconv.dll

MD5 862dfc9bf209a46d6f4874614a6631cc
SHA1 43216aae64df217cba009145b6f9ad5b97fe927a
SHA256 84538f1aacebf9daad9fdb856611ab3d98a6d71c9ec79a8250eee694d2652a8b
SHA512 b0611cd9ad441871cca62291913197257660390fa4ea8a26cb41dc343a8a27ae111762de40c6f50cae3e365d8891500fc6ad0571aa3cd3a77eb83d9d488d19a8

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\vmtools.dll

MD5 c093a10127ba948e21e475d248589d5a
SHA1 28cc9171d7b67717c3da9504875931bbc5021a24
SHA256 a4c916d97daf6cbe4ab97dbe4532fa204eb45ccebb052e8ca9d318a68ac67223
SHA512 7e5fe1019baf9eb533b88e101aa4c5cae6294f0f2f98582b9af7aa757a23e98a0908d41cc9a0222c20c7186e5b7e32f5adbbacbdf9e0b8631dba61d305354759

memory/464-1252-0x00000000749B0000-0x0000000074B2B000-memory.dmp

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\gthread-2.0.dll

MD5 78cf6611f6928a64b03a57fe218c3cd4
SHA1 c3f167e719aa944af2e80941ac629d39cec22308
SHA256 dbaad965702b89c371462e735dd925c694eda8d8557b280f7264bba992c0e698
SHA512 5caf019a6b75ba0330b8d0b60d362201d4863c0f3d70d2a9c84b6dbea2027d09bc8a6433820f28a41d126c7aaa13dbe126b38dc5c6d14a67ddef402fed9d9b7c

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\gobject-2.0.dll

MD5 24a7a712160abc3f23f7410b18de85b8
SHA1 a01c3e116b6496c9feaa2951f6f6633bb403c3a1
SHA256 78dd76027e10c17824978db821777fcaa58d7cd5d5eb9d80d6ee817e26b18ab8
SHA512 d1f14a7bd44e1fc9bfc61f0b751ee6e0677322807ce5621206eeef898bab6c71ef1464962b20dc50f706084e53281a0d4b6d9142c6c1170a1e0a5fe4b12171df

memory/464-1253-0x00000000009E0000-0x00000000009F1000-memory.dmp

memory/464-1254-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\gmodule-2.0.dll

MD5 b0a421b1534f3194132ec091780472d8
SHA1 699b1edc2cb19a48999a52a62a57ffc0f48f1a78
SHA256 2d6bc34b38bc0abf0c5e2f40e2513b4df47af57848534e011a76d4e974ad958b
SHA512 ba74654843c5b0f94dfefbed81cbee4c5f360193ef8ea92836c712fbeada39fa8179a51f0849f6c4be23add1ced08f5e25f873c4b0e7533ae647fa2b19b83f98

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\intl.dll

MD5 d1a21e38593fddba8e51ed6bf7acf404
SHA1 759f16325f0920933ac977909b7fe261e0e129e6
SHA256 6a64c9cb0904ed48ce0d5cda137fcfd6dd463d84681436ca647b195aa2038a7e
SHA512 3f4390603cd68d949eb938c1599503fb1cbb1b8250638e0985fad2f40f08d5e45ea4a8c149e44a50c6aa9077054387c48f71b53bf06b713ca1e73a3d5a6a6c2e

memory/464-1263-0x00000000749B0000-0x0000000074B2B000-memory.dmp

memory/464-1264-0x00000000749B0000-0x0000000074B2B000-memory.dmp

memory/3344-1266-0x00000000749B0000-0x0000000074B2B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5897f20d

MD5 993561c3a6edeabd71945f9c720ecca1
SHA1 36626047945a75f602be560e89993663d78255c2
SHA256 89e47380d2700e6975571dbd803bfcc4b89181a0e60678616dbf361e01f286db
SHA512 2cc2dcdbd3167b57b68c9c93c41d25fd6ebff85237ae3872ffac524cf135b5bbd2191ca8992b704a27cf839a88ab5fda6c1294e8dca8d7f2855c93ef7ae00d1a

memory/3344-1268-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/3344-1270-0x00000000749B0000-0x0000000074B2B000-memory.dmp

memory/3344-1271-0x00000000749B0000-0x0000000074B2B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1046cc64e709f57431e289b80f1783f2
SHA1 d971e165c802ab619de81cf9a864f02a9b8c5cf4
SHA256 0de673d62c62771003e1144869597877832b54a18b6b5bd1027ef558a1e6dabd
SHA512 4a7535304565626226b8296db830486aaa517bd406b6e9317b42a08437b1606ba02a7e0c211c812fd54ce09c98140d2093dd03fc5a3de60d00f6ed853d0ad1e4

memory/3344-1283-0x00000000749B0000-0x0000000074B2B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe

MD5 53aad2e4026c58223f4282f18954b224
SHA1 350ad08ce6d0f7d3e573b7254c18ba2dfbd4e2be
SHA256 be0f607d5dcf558b16910646b943f0e92da29fcb1590b8e5fb69d53f899b2ca5
SHA512 e9a0ba189e9862871235f3d339adb7de77c8c3a6cc574c9e3216b07ab460529befdd543f54fbacc139d071ea9549427402104b1d37cdacec6895af89590f8338

memory/3584-1288-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/4520-1289-0x0000017F355B0000-0x0000017F355B1000-memory.dmp

memory/4520-1291-0x0000017F355B0000-0x0000017F355B1000-memory.dmp

memory/4520-1290-0x0000017F355B0000-0x0000017F355B1000-memory.dmp

memory/4520-1300-0x0000017F355B0000-0x0000017F355B1000-memory.dmp

memory/4520-1299-0x0000017F355B0000-0x0000017F355B1000-memory.dmp

memory/4520-1298-0x0000017F355B0000-0x0000017F355B1000-memory.dmp

memory/4520-1297-0x0000017F355B0000-0x0000017F355B1000-memory.dmp

memory/4520-1296-0x0000017F355B0000-0x0000017F355B1000-memory.dmp

memory/4520-1295-0x0000017F355B0000-0x0000017F355B1000-memory.dmp

memory/4520-1301-0x0000017F355B0000-0x0000017F355B1000-memory.dmp

memory/3584-1302-0x00000000000C0000-0x0000000000107000-memory.dmp

memory/3584-1303-0x0000000000400000-0x000000000040A000-memory.dmp

memory/3584-1306-0x0000000000400000-0x000000000040A000-memory.dmp

memory/3584-1309-0x00000000000C0000-0x0000000000107000-memory.dmp

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\glib-2.0.dll

MD5 2c86ec2ba23eb138528d70eef98e9aaf
SHA1 246846a3fe46df492f0887a31f7d52aae4faa71a
SHA256 030983470da06708cc55fd6aca92df199a051922b580db5db55c8cb6b203b51b
SHA512 396a3883fa65d7c3a0af7d607001a6099316a85563147cb34fa9806c9a4b39cfa90c7fa9eb4456399977eb47438d10896d25ed5327ae7aa3e3ae28cd1d13701c

memory/184-1319-0x00000000749B0000-0x0000000074B2B000-memory.dmp

memory/184-1320-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/184-1321-0x00000000009E0000-0x00000000009F1000-memory.dmp

memory/3584-1331-0x00000000000C0000-0x0000000000107000-memory.dmp

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\iconv.dll

MD5 eeb757be2be295ab7ad142b44ea08842
SHA1 53fdc30bd99ab4ff749f7aefdb46f2a112531bf2
SHA256 6b6dd5ad6e5c46739ddbce1e427a379a2eff68eab4dc20b5197fbecff9dc6e7f
SHA512 69d4ab5b4324c569292972988fd89f3bd4ec3a8e95378a1a4557a607df59e604850f2fd77366147de344703eed928bd20f678fa30cbf3e1bdc46bbf759bc2f95

memory/2788-1344-0x0000000074A50000-0x0000000074BCB000-memory.dmp

memory/2788-1343-0x00000000009E0000-0x00000000009F1000-memory.dmp

C:\Users\Admin\Downloads\@!Files_PAsw0rdZ_1009\Setup-Free_Activate\!Filez_PAsw0rdz__1009\glib-2.0.dll

MD5 5600d19f03989e151b2c267fd930c56e
SHA1 9198c8413378aa43ff9d1f0d5275251460f693bb
SHA256 7c2fb2757ce53fbe2317b93c217b1288149db1bd161a01b5b35c29a10ee7d4e6
SHA512 93621fada880b851500d386b0da510edfa183aaa290f6e53da17219e579aa96d736b9e9b00931f3018cf327b3fc4ed0c92b9dbcb3b4905c783f2d8885d9b085b

memory/2788-1345-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/2788-1362-0x0000000074A50000-0x0000000074BCB000-memory.dmp

memory/2788-1363-0x0000000074A50000-0x0000000074BCB000-memory.dmp

memory/2520-1365-0x0000000074A50000-0x0000000074BCB000-memory.dmp

memory/2520-1366-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/2520-1367-0x0000000074A50000-0x0000000074BCB000-memory.dmp

memory/2520-1368-0x0000000074A50000-0x0000000074BCB000-memory.dmp

memory/2520-1370-0x0000000074A50000-0x0000000074BCB000-memory.dmp

memory/848-1371-0x00007FFCC3D50000-0x00007FFCC3F45000-memory.dmp

memory/848-1372-0x0000000000EF0000-0x0000000000F37000-memory.dmp

memory/848-1373-0x0000000000400000-0x000000000040A000-memory.dmp