Analysis Overview
Threat Level: Known bad
The file https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/RAT/Adwind.exe was found to be: Known bad.
Malicious Activity Summary
RevengeRAT
RevengeRat Executable
Downloads MZ/PE file
Executes dropped EXE
Drops startup file
Uses the VBS compiler for execution
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
NTFS ADS
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-23 22:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-23 22:37
Reported
2024-03-23 22:40
Platform
win10-20240319-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133557070833810586" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/RAT/Adwind.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbca3f9758,0x7ffbca3f9768,0x7ffbca3f9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4916 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4852 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3776 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5368 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.250.179.170:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| NL | 142.250.179.170:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 170.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 6.121.82.140.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.65.42.20.in-addr.arpa | udp |
Files
\??\pipe\crashpad_3144_UFRHLCRMFBFGNKDZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 28714f2fdd5058d6cabe725850e8240b |
| SHA1 | da4219db7c78690df7450e1d13b2493b5083cb24 |
| SHA256 | c440e2b11102cd82796f8c710c7ed8ddabf9e0f3ca5b4c225cbfd2aec281d6bd |
| SHA512 | 046631d3aa7756827009175f081899f4e36404df2e724fcd5a5739d04098d7e9ce3ca9e0a3c7b1d729880572bde307cadf1a90aceddddeaceb502591a95370a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 00196538587421a905c55a66e26331b4 |
| SHA1 | ed3a84072e6ab8911ea900dabf420d8f6f789728 |
| SHA256 | ad96f25f2510cd227f5724c9bf49916d52974c187dc587f71b6ab906496f6fe1 |
| SHA512 | 7652db7a3d950850aa14879bcbb62ffcc126785e5c257c8d9ee6bb99db34010604405b086861e93e077f5a6d001f33dbde14f9cb7db3a0d4897e2d59ea3bae18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 406f9b991593ada8465d80318c5e17e0 |
| SHA1 | 578106abf82e53ef521f5a61cdfa93ebe10b1d91 |
| SHA256 | 26e4f722e9b1d6670c940f94a874fbf7b7e17cc282713bba2df4fbf87caf2b03 |
| SHA512 | b21963c8753729076078250521089ef7179e1701fdb64e522d420976dc58de572400d5a22b8f3eb3ad3ab06603d3146b3a3834c21e69984172923127894ce895 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3537a36e3343f2e3809ca4421f1a7e07 |
| SHA1 | e534f439c78210c18ba86a1706f024103a25e786 |
| SHA256 | bb4ec04e4eb6483ad4c68aec8ceee915d42d0faaeed78d4ca94fcddeba35adb9 |
| SHA512 | a942d168910695723587e27f152e9686e1dee522d95c781e0fc794afae4c644a9bca718f4a5d7fd3ac39ab65ce494d32102b175463954a34726da433695318c3 |
C:\Users\Admin\Downloads\Adwind.exe
| MD5 | fe537a3346590c04d81d357e3c4be6e8 |
| SHA1 | b1285f1d8618292e17e490857d1bdf0a79104837 |
| SHA256 | bbc572cced7c94d63a7208f4aba4ed20d1350bef153b099035a86c95c8d96d4a |
| SHA512 | 50a5c1ad99ee9f3a540cb30e87ebfdf7561f0a0ee35b3d06c394fa2bad06ca6088a04848ddcb25f449b3c98b89a91d1ba5859f1ed6737119b606968be250c8ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4821bf108568175a83c057c1aa166278 |
| SHA1 | 12f49311fab3704adf021f0e6bfe6826cc94c5ee |
| SHA256 | 4adc912c8bd28bbc3ab7ebab7425964c7eb770018b64de4a6407f85cc687e582 |
| SHA512 | bb067226a3f2176bb020c49cbf4278b28eff680e0a11093eb406a2196f11dad3ef06e139b7710aa6b68b530e0016ccdf1460ac1f2e0fe9709a534ba36ded4275 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d897de3ed8f855c7fda29ba7792886a4 |
| SHA1 | 0637ca7fba554e294e9ddeae71f2817185390120 |
| SHA256 | 68531a19147c440623b64d5c2f1e087b3b67330ecf69f3d060c5058f8497dada |
| SHA512 | ae779d04076333f5706e67b821dd857289fd9278f58d3d91271860015d3ed7fdf430b9fd0ea24bd8d8a418dfc0c4e4c964bbe3cef850793b1ceadbc6cb11837a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8d5c7b5e0cef81acab3ae0d5aab0b5a2 |
| SHA1 | b3a8d1d6af9417f64048876aa80854d7672bc43a |
| SHA256 | 87f838b8447b065b05979d778e484c76e0c3aa17d68def3fbdb49d76cb4355a0 |
| SHA512 | f580c5109c5fc4c28a41a9a53d3148420d42d568693303917f60a246109164baa8d189efc85a18317c9758708ab10f3e6b863dd99ac9598e3f7d57049adac267 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fd7257f1134afddc506f73e53aff1171 |
| SHA1 | e94f1ef3414908ffe9733101549718c2738fbed4 |
| SHA256 | b741369c2d52ef75ff31e63953b95953243454678ef172bad5c3aa3b0b5b302c |
| SHA512 | b94e2eac144f2c8e66f203e23e2c873c3e7010946fe1b6af823f998d12f52ef1c574dbdd8b902995cf8f47b07768ba7062aa8aa150341a1b17e3f6f7edac92be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0186f3fee4017f7581901be3fd556a0c |
| SHA1 | 6f5baec6c5e12b1f57449be789765b5d19c548d3 |
| SHA256 | d50823cde00381f83f2f776a2b05f9c781c61e2c9f0084d5a48c8022a3d61b26 |
| SHA512 | ef16ff86ca5bc26252a378a09537821357cbea56daa3a4291b76b5bde7315f9e677d7f46e9d3dfa75a79f9ed9970756eb320f91060c575eaf2c7a75952521622 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6c5ba6c15570bc67439d5e0e2a97d878 |
| SHA1 | 4c1fc61bdee287b9c836b346c43d0a0d1518a3b3 |
| SHA256 | 2c6238e9a1199c6e992aad9488a504d654afbf97c91543d33cd5c97662365712 |
| SHA512 | 17ace0eee8160b17cdd518a829799f93b415327cadc8aaff2e4c16884f5e2d1cc5cfd06b6dce013159f112d380bf2616d23fd538325f3e1fc370ed35ecc549c9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-23 22:37
Reported
2024-03-23 22:40
Platform
win11-20240221-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
RevengeRAT
RevengeRat Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe\:Zone.Identifier:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\RevengeRAT (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | N/A |
Uses the VBS compiler for execution
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3960 set thread context of 1432 | N/A | C:\Users\Admin\Downloads\RevengeRAT (1).exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
| PID 1432 set thread context of 2272 | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
| PID 2432 set thread context of 2484 | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
| PID 2484 set thread context of 1496 | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133557070778865663" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Adwind.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\RevengeRAT (1).exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\svchost\svchost.exe\:Zone.Identifier:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/RAT/Adwind.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd76a69758,0x7ffd76a69768,0x7ffd76a69778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5444 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4952 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3460 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=832 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1796 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4680 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5540 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4744 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5296 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5268 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8
C:\Users\Admin\Downloads\RevengeRAT (1).exe
"C:\Users\Admin\Downloads\RevengeRAT (1).exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5744 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\1bqmqzcz.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES361.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc61E0F8E8B5E442A9B5DE314F3AEA2CF.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\vh4kyi_d.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES42C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB66BD05DC7B743ABBE10AAC1E6DB95FE.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\roxmsboq.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4C9.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc927842EDF3847D8A5A3B2E1325E65C6.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\pevurp3f.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES555.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc223E487D175E4C5BADA2947243FE7389.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\lkgryhvd.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5F2.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc6592B02B8F3F4FCA8C7E7EC232FC727.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\c8xkawj3.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES68E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc5CBEBE893BCD491185FEA8B7B7172E42.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\fclddasw.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES70B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2EC8D42B422849998A45F6AF1037FACD.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\uzewnjbg.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES797.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcAECF094127584FDC9B39D83325211E9E.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tengqr84.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES824.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc78F8344B42D2402DB24F2592EEF9CE3.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\dhloguo3.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES891.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA80551F28950453882102BC2165273F.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\cquw7ost.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES90E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc19B88AA9F586439A9231844E8976D81.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\x1y6nkyt.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES98B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc46E16C5E689B49BE81CB78321F119E30.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\j2fzo-pa.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA18.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8B54D4A6F8DB45B488835C6F3D1E280.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\vynq7wgh.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA95.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc11B82313779540AA9B72EC291378472.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\2bbyx7yr.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB22.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE2A1E10E312A41B89476732599B9B7BC.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\x8i4ga90.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB8F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcF5E253501D1E40D7A7A9B5E636F1B1E.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\jkhp1hvt.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBFC.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc925BEAD59CFE4C88A8EC8DEBFDAAC2EE.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\b9lbgh0s.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC99.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc6D24491082D54FF984DCA2BDAE597B39.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\umavopk3.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD16.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4E7F5B7972F648C5AA4E6325828B48D1.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\xyqadjnj.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD83.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB85DF25D54BB43E195D69B28D0115739.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\rgozn2rm.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDF0.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcF4F5D987DAFF4128B8AF8014F648B4BC.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ya3-wo5g.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE4E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcAAB9238053564009A3CF9B88770428E.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\b18amtrp.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESECB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcAD1B5636BCE4DA78A733B3289B8F4A1.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\hp0c2llx.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF58.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc5398EBEAD434158B867EC47AF2FFAB6.TMP"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:2
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3124 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| NL | 142.251.36.10:443 | content-autofill.googleapis.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| NL | 142.251.36.10:443 | content-autofill.googleapis.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| NL | 52.111.243.30:443 | tcp | |
| US | 3.13.191.225:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.13.191.225:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| NL | 142.251.36.10:443 | content-autofill.googleapis.com | udp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
Files
\??\pipe\crashpad_4440_CJQCTILJOCPRZKHR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bd3a9362e3b1428050fec400f376c36c |
| SHA1 | 8f43d6f266815d20af92ed49820f27c1729c18b9 |
| SHA256 | da9e6a7334e5c96fec081c5320ddae6dbf504c10c0208db56af7ab90e0ac1568 |
| SHA512 | 5f4979a1442cc556dda43ce1be37028955870e6ec2279740729bc1bb3fd1a5bf5a7a4ecfc84abff3d9ca87b1b5e168a7dab012a173fe36a9957fed6935ac6fcf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 718b45ba6c56c6fe665eb8a3f9da9bc4 |
| SHA1 | d4852881b5e66d96b8cfa5dd74e419976ba9b147 |
| SHA256 | c6debc07db9858b1f8a83cc83111bbaa9e2867d351e70a4c7765d39e7936e872 |
| SHA512 | 669f3d89d463c658308924a8c9cd070ed4460b4acd9e7be33c0b798eaefc648fd59d87baa6033d488d1f0f779766a5157f8d7a439ef0171517883af7b92d8117 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 64115210f5882d5708bf85532fa8088c |
| SHA1 | e7b55d2170590a96b43440b7944ed79faf0d5225 |
| SHA256 | 677b89c5f492b327307db0a5f9230866af6b2eee14d7a3148a4fbe18f2d99508 |
| SHA512 | baf4061aa3833d9da71877df3a1cb3683b69585c4495b1f1b54ca6122be8a0b06c20f2fbd0f343a4040087d027551fca84ff52246f8024b7e96b61f18a4b1c3a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6a296ad5fff04f9ca0c6a7aef272caed |
| SHA1 | c559dff829ffaf4b53f02efd5ea01963bd90af9c |
| SHA256 | 14439e2401db56543c8821cbaab999af4284fc05bf190a28634b0ac0be17bfd3 |
| SHA512 | c4dd7c1490c98524af1b911c4a61ef2ef09dff7c10d7ee2197c3b20f2cb78dab6192a43c630b7b1624f22ce54b8e9482dc4e9fd6bbd4075664d2b1361c2b28aa |
C:\Users\Admin\Downloads\Adwind.exe
| MD5 | fe537a3346590c04d81d357e3c4be6e8 |
| SHA1 | b1285f1d8618292e17e490857d1bdf0a79104837 |
| SHA256 | bbc572cced7c94d63a7208f4aba4ed20d1350bef153b099035a86c95c8d96d4a |
| SHA512 | 50a5c1ad99ee9f3a540cb30e87ebfdf7561f0a0ee35b3d06c394fa2bad06ca6088a04848ddcb25f449b3c98b89a91d1ba5859f1ed6737119b606968be250c8ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7e84ff35b3099f7fe8114124b9fd0b50 |
| SHA1 | 23ebb9360e9de2ecc6350a0a0ae0505b9ee5495c |
| SHA256 | 288853d48bd6b086f8e5a87152ededcf3fd307d1dee9e426c08cc3ad9616abf6 |
| SHA512 | 468313b4c8964bf5a42cbe00ae4bcf2c7f7ab2f09036ed54e5e9d7a8652b020081be68593224a3a549f80e810c599b8e20e1b5f9c5a19374ce5a4945f97180f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fe37209945f354dfa644bcc27b400434 |
| SHA1 | dd5cff1f3c1e04bdbccb7fa70a38802b12100bb0 |
| SHA256 | 701bf70664e614b81f851187eb23a4404bcf868fbea8d332ee99832fbeae2ad3 |
| SHA512 | 65b8fcaa741fb5334f2e82b85502d5708b9eafd9a15935b76ab6842c7182b45384f5a41cf6f26f1c8b41cb2f6d459216b061114610fa59b9888924ca1a7fcafc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a1628af88c37c3a2298533a1f29e1426 |
| SHA1 | 1df529ea48be6a229696258f8d3c9248bae1be67 |
| SHA256 | 4ed0da0c1e7df585607158e5a8563868c15fd21ee8989dd7e65f3fa51c9fbb9b |
| SHA512 | 113bbf937361d2399a35981a1723ad3fe6fa4eac263399230e5b5a49be0e1206fa99f38a1143506a691354f1a01e7089ffe266e97422002504e8b19f59eaff01 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | e8a018d435051900ba83a1ed83932c2e |
| SHA1 | 49666364a5f31b1998d9b81fe7a3c2d8b5c28783 |
| SHA256 | 2b9ff3697efdac5907add76f294d7b95847882ddcff0e1961616f5c8508ca076 |
| SHA512 | eb9702423490d6ecfdb32faef793ab6e56543f1df587b1ca870440a1e102c6461f9eda1d5ba3bd2fad2b8b3f1f811dc88017d5d75e6a1079c3067f7b5c3194af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580450.TMP
| MD5 | 7d7767c9d0906feb09e9d798166783f4 |
| SHA1 | 5724a4e21755608c87654d94e8d63ab589039ca8 |
| SHA256 | d8906e383272f50223d930c3d2ff8a458040eb95b2c202a99e6bfefee624f2eb |
| SHA512 | 07535201e274f22f289ae65af4a49f730d6588f5ec1b5e9ce2d7b59f6b22648325cdcd5eddbc36136e3237970b0aa794b859ce71c29fe9411896d648249542c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\41f43cab-13c8-4625-8b7c-54c1c2e3fa01.tmp
| MD5 | c5266a5cbd639e57c0c18bc53932245d |
| SHA1 | b586a36010f22999f99398ccd14292570e6fc1f9 |
| SHA256 | e1dfb20c948dbda74da8a0248ea7e1ff298acdeeaa9751e7c630ce05f9cf0a35 |
| SHA512 | 7f4c8b93208a498570cbaf511a3a392ff642fe114922da6c0024ed591538f353b9a74050f245a76bc01eb7036e0a2f3d9d6dcffe3a9f77eb3c5fa640df0c8aef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 088d0e06c8c6df77f22383baa1946639 |
| SHA1 | 1a300f9cdf965014efcce62acf507220838f72ee |
| SHA256 | 15bd2a308f7afc6c01f6bb3044b52db25256c3a0f5a510732730ecb52520d530 |
| SHA512 | ee5a8ac4ecc7658f9df1d51c0523305d15c27cac0f555d0b0a2c0d1e54740bd06331698c05e230b4fa20be56c7588d03a21b1ea7dc6dd8a42654831207d9f878 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a51a5b7e62a7e6b4950e6ad21a252e3a |
| SHA1 | 6283ecf39c4febafbb4f2018ae876de9d39fd816 |
| SHA256 | 35802ea6e46cbc6b198998f7498c2800db8891ca5266d2e9baf9d8b431ea849e |
| SHA512 | 58bcaaed35eab7f731f939621367ddcafefb7efcf49ec36473889309718189551aa569d46d0170e9bf5c9b1f94f73a8f206b9ddd8fb5c96311f0a3c2f9b3fbd6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 027a6a6f240c1865eb8f6984cb3b0ded |
| SHA1 | b71296b03ae8173867bc48f6d941a882cf3187af |
| SHA256 | e7f83d1dca8a578c7c109bbce04d57082a622fa80c28255ce69b795b008637e1 |
| SHA512 | 054c8e5d9e968f6b009b0cc6f70a30f05a508991057db5ed84f9460fff3146e0cf0856e8a29c77542dd64e8f899b13f6a35df0d127c74ce70684a302e99c3d37 |
C:\Users\Admin\Downloads\Unconfirmed 485364.crdownload
| MD5 | 1d9045870dbd31e2e399a4e8ecd9302f |
| SHA1 | 7857c1ebfd1b37756d106027ed03121d8e7887cf |
| SHA256 | 9b4826b8876ca2f1378b1dfe47b0c0d6e972bf9f0b3a36e299b26fbc86283885 |
| SHA512 | 9419ed0a1c5e43f48a3534e36be9b2b03738e017c327e13586601381a8342c4c9b09aa9b89f80414d0d458284d2d17f48d27934a6b2d6d49450d045f49c10909 |
C:\Users\Admin\Downloads\RevengeRAT (1).exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b50a3d6fa81572faabd98b769659eb02 |
| SHA1 | 2929d125a78f3ecf070892570a1560134a84c45a |
| SHA256 | e11b2da0a2430fa283fccea655c1caa55bb5b9cb5f54c1d962b72b96c2ae0f1b |
| SHA512 | ffc034b12fd279438e5dd7664d5ed3137cf2f1658553660e729b651c61c61dd497abd25c002a0268bf5702c048ee91daa4d2561bea7919189f4f7a92e773349a |
memory/3960-283-0x000000001B890000-0x000000001BD5E000-memory.dmp
memory/3960-282-0x00007FFD62860000-0x00007FFD63201000-memory.dmp
memory/3960-284-0x000000001BE10000-0x000000001BEB6000-memory.dmp
memory/3960-285-0x0000000000EF0000-0x0000000000F00000-memory.dmp
memory/3960-286-0x00007FFD62860000-0x00007FFD63201000-memory.dmp
memory/3960-287-0x000000001C4F0000-0x000000001C552000-memory.dmp
memory/1432-289-0x0000000000410000-0x0000000000430000-memory.dmp
memory/3960-290-0x00007FFD62860000-0x00007FFD63201000-memory.dmp
memory/1432-291-0x0000000075290000-0x0000000075841000-memory.dmp
memory/1432-292-0x0000000000FA0000-0x0000000000FB0000-memory.dmp
memory/1432-293-0x0000000075290000-0x0000000075841000-memory.dmp
memory/2272-294-0x0000000000400000-0x000000000040C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uRClgZblR.txt
| MD5 | 5acbc874379d0d1a2b4b708f40bad156 |
| SHA1 | c86f2cb979412a8587833db1d1c421686ffe5759 |
| SHA256 | af720af30a0fd7a2348cb79bf3d79b427c63b782e20e1cbb425c54a6fea8060f |
| SHA512 | 72b248be50b7281b880a3ae5a2ef0a51fbea88e6ce16ff70fb2f70f42e601cb41659e095305ddab4b139acf5870d0c4671367cc3a136bb5d0f5b093047d8169f |
memory/2272-296-0x0000000075290000-0x0000000075841000-memory.dmp
memory/2272-306-0x0000000001120000-0x0000000001130000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aadfea738b4b99a10abc4d585d6bae86 |
| SHA1 | cb65461416a347109f64e6e4c5bb9fa37f914fe1 |
| SHA256 | 338ab8cb69ff563a1cb9b152f9b1a1391ba25a19b7846d9f42871b53ee883fe5 |
| SHA512 | 5a37d502a45b14752e1a9f0d98e885fe461a5d012da094107065f4afcd2b32f27b1f3b68e6ce206eec183b7172304a1a366331d831e666a90528a5d97edd5733 |
memory/2272-308-0x0000000075290000-0x0000000075841000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 1b3bd1d295d3b4e556f99effd44d3473 |
| SHA1 | a003577748a6222603c29e50d70efa476dbb865f |
| SHA256 | 975fa2b29ed5adf7c6944f8be455011a9b106fb97cf560e7cb7206095f940802 |
| SHA512 | db5553b8172715d617710ca25b499ea308fa333fddf07025f567e600e9f54ba313e9c407cb23165152b908aad9fa6daa4149a5310cc1342417dbf2543c193453 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | 5e28e72b443ded036a4cf369d0dda3bf |
| SHA1 | 0500de4480a54243b12d096745c6ba04c9479e66 |
| SHA256 | 15fc7a054efbb9f76d937448fbb4814d7b3f25a6d137e24c1a69e32947eae71e |
| SHA512 | 7d17a5248e54e4dda8fd17a4d662edbb274629161a1e25b3b7f7f5112541663a5040788177268c53b2c78bc7e6d2204ccfb342d93c2ceec0a12d8a41788c088b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ca30de58bdef5b8267f01aac59e4d807 |
| SHA1 | e005dc9a4a382678f432773c4ccbf3c13aff51ac |
| SHA256 | 8641d7338f52a5fdc4782666c833eeb8f22905b21f43bd2501eb6a1f5023ff76 |
| SHA512 | 4c92f9b4441b1f5ff7e9fde6e9d668605c53ead64d5add4b8fb6c291a1f21aaf0c64bc5286b347aa6dfccdc5e7ac989113ac6ffae771bc4bfb76c6361db62a20 |
memory/1432-350-0x0000000075290000-0x0000000075841000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\12a22093-5fb4-49fb-937d-1593a455117c.tmp
| MD5 | 2d995c4a80242be1f97fddde112b0dbd |
| SHA1 | c4bd14a31dce35c893a97bdb99641e3a12bb9004 |
| SHA256 | c8835e493cbbf6c10e316cbe298f51336f99021592c3d46ed916dcc0b1790740 |
| SHA512 | 166d92876a8fd9f194b60b7d6492d74c7aab7fc99612d3dd5650b85eece4a4a7f84ab66ddef8c39aa51da2d1eb7b00102377ebbd085fbc3ba89c75369229b795 |
C:\Users\Admin\AppData\Local\Temp\1bqmqzcz.cmdline
| MD5 | edd8649c10da19190361f6527b400f10 |
| SHA1 | 4b39a1a83a9ccada0f9920c6295b7dfe5b2390bc |
| SHA256 | e68400f3362cb957d31777607b57dee3384a0dad31b59b1702af50d45df16285 |
| SHA512 | de910c648e98bd8171a0c97bee038810a352cd6f8afb473e5c105632a1c6f4de791f8d88734438943de9f36378505124ab21503e88c7c4f18a259d8d78c7cc1c |
C:\Users\Admin\AppData\Local\Temp\1bqmqzcz.0.vb
| MD5 | 8a280ce703f3d84f1c87d2039cfa73b0 |
| SHA1 | 24d7d6172c2a210579852e5c40e273a4ab31dd1c |
| SHA256 | 6abc297b9266ff140ff94573067be7dded9a27b340ca986d88c21d94cb912dbf |
| SHA512 | 3eb698c12c854e22f65cc0e93f37319057f7e1c797ff3faf1fc1c0ae5edbca6c8788605b05662af73d810c390c6050f9cf8efed48e8240097d1222b6bcd3c3a3 |
C:\ProgramData\svchost\DumpStack.log.ico
| MD5 | 28d98fecf9351c6a31c9c37a738f7c15 |
| SHA1 | c449dee100d5219a28019537472edc6a42a87db2 |
| SHA256 | 39445a090b7ce086d5efb4ac35add13672fac9bf40eb481b54fa87302a3f45e0 |
| SHA512 | f5c2458348347798304393fdb5c77f4f7ed7245c0d4c7594deb0113262828cb8e210e7b48a4aa7c4d2fe1e31201b4e326cd60a6f9d4e3ba1a7fbef322dde0971 |
C:\Users\Admin\AppData\Local\Temp\vbc61E0F8E8B5E442A9B5DE314F3AEA2CF.TMP
| MD5 | 33bbefcdccdaf60eed04963e79a70616 |
| SHA1 | 05b74d77bb3c5896e6551a7d3008535011667ad9 |
| SHA256 | 3b19c69d21da8c4db7a7f37f620863990ff449454f483a550aca0064d887e609 |
| SHA512 | 6d7ec2991563a1f0d9db547d949d42b7db227fe7f65cc3373943024b47867a38d1d3432747cae1fcca7960014a825057b56e8a9a76ba5008f58890a9efa0b8f2 |
C:\Users\Admin\AppData\Local\Temp\RES361.tmp
| MD5 | 9f6b3033bacdeb7298cc15a886350447 |
| SHA1 | fe8117fd498824a3ad5bba05663bd444417be91a |
| SHA256 | fd58de2a5937bfe7497639662226904dd9508660620608a32d398d6cdd6eca04 |
| SHA512 | 188be803ac7bfa24ef8a8f064eab2c7d7694d7f5f9ac947f2c1b40c8b9d4657317634533d3c073ebb8971fb70f12fdc73dfa8f814f7699362f218ccd321805a6 |
C:\Users\Admin\AppData\Local\Temp\vh4kyi_d.cmdline
| MD5 | 7f2640538568de48b9a003f21e486c36 |
| SHA1 | c491e571468518a4b75217503964531838149f49 |
| SHA256 | d18de3fb18ecbb73ab87d2a09cdb9182c47fcd7a0175a8790a752dd2b555acfa |
| SHA512 | 3299c68915f9710c2827c944be313250be45751c8ee2c10fea3cbda3da9ca81a08e296403898df4806ff3fb305fc39846c48e8fc8d12d1b02ee1f17b18fa0e46 |
C:\Users\Admin\AppData\Local\Temp\vh4kyi_d.0.vb
| MD5 | e4a08a8771d09ebc9b6f8c2579f79e49 |
| SHA1 | e9fcba487e1a511f4a3650ab5581911b5e88395d |
| SHA256 | ef4c31d167a9ab650ace2442feeec1bf247e7c9813b86fbea973d2642fac1fb6 |
| SHA512 | 48135e0de7b1a95d254ae351ccac0cb39c0d9a46c294507e4bf2b582c780c1b537487161396dd69584c23455950f88512e9931dbff4287c1072938e812a34dd1 |
C:\ProgramData\svchost\vcredist2010_x64.log-MSI_vc_red.msi.ico
| MD5 | 602ddd0c457eb622800ec2b65d1a3723 |
| SHA1 | e322f2927b3eb868f88f61318589cdbc9b5e4554 |
| SHA256 | 6491b2ebfda073e601f99be125c6ce0c4a72162e0995c673605c673581023a82 |
| SHA512 | eb0cd42b7178ee205af959b3b811bf85c44343c2e3ead6678ece7bc340fd0efdde3067a583649d12aa2123b555a4cc2a7be7a587fb2874a9f9aa666093df782b |
memory/3788-384-0x0000000002520000-0x0000000002530000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vbcB66BD05DC7B743ABBE10AAC1E6DB95FE.TMP
| MD5 | 84e9754f45218a78242330abb7473ecb |
| SHA1 | 3794a5508df76d7f33bde4737eda47522f5c1fdd |
| SHA256 | a979621de3bcabf9a0fa00116bcd57f69908b5471341f966c2930f07acfee835 |
| SHA512 | 32b51e82e505e9124fa032bfd02997de6d6f56e0c0dfb206aec2124199048168ec0f7927a0a289f4653662bdeb5089d91db080019a9556491ef111df99b12623 |
C:\Users\Admin\AppData\Local\Temp\RES42C.tmp
| MD5 | 35e3699258aa34829dac80e71c925bb3 |
| SHA1 | f38a81e08282480774159e290f7c8fae8ec23ccb |
| SHA256 | 6a86a2827d1ed1dedf7e5f03906472ce91829af3dc949e922dd7be8d13c32b6b |
| SHA512 | 90f3365f7de1bea4a00c55f3ac052bbd68367b87ef4b0dabe389988ace34b512bafaedc0f802e63fe6fa96d83cb48c47233a80e3f56ba330ec23e0448681d1a6 |
C:\Users\Admin\AppData\Local\Temp\roxmsboq.cmdline
| MD5 | c1958f08c7d4393aabf3822b06adbc9d |
| SHA1 | 6b4d634bdf7c442c4974e356d5c25b16ea8e082a |
| SHA256 | c49feac63702796db8ebbd8e4f73f293fae0bb221f1f8f18a3f4c1601e4933a0 |
| SHA512 | 51ef12ed1c590bbc6dc4e3ef46dfaa80e46ded74349107512a02c9258cf1c0373458ffd70dc94bcdf4e8abe329274227504f102a188b94bba1e00203cd4434fe |
C:\Users\Admin\AppData\Local\Temp\roxmsboq.0.vb
| MD5 | acd609faf5d65b35619397dc8a3bc721 |
| SHA1 | ba681e91613d275de4b51317a83e19de2dbf1399 |
| SHA256 | 4cfd86d51d0133dda53ba74f67ffe1833b4c0e9aae57afe2405f181fc602f518 |
| SHA512 | 400ffd60ce7201d65e685734cea47a96abca58ca2babda8654b1d25f82d2766ca862a34f46c827249a4dc191d48f56005a9f242765d7becdda1344b8741a9d8c |
memory/5112-399-0x0000000002390000-0x00000000023A0000-memory.dmp
C:\ProgramData\svchost\vcredist2010_x64.log.ico
| MD5 | bb4ff6746434c51de221387a31a00910 |
| SHA1 | 43e764b72dc8de4f65d8cf15164fc7868aa76998 |
| SHA256 | 546c4eeccca3320558d30eac5dc3d4726846bdc54af33aa63ac8f3e6fc128506 |
| SHA512 | 1e4c405eca8d1b02147271095545434697d3d672310b4ea2ecca8715eaa9689be3f25c3d4898e7a4b42c413f258eda729a70f5ad8bc314a742082b5a6a8e9ff1 |
C:\Users\Admin\AppData\Local\Temp\vbc927842EDF3847D8A5A3B2E1325E65C6.TMP
| MD5 | abeaa4a5b438ffa58d07d9459e5c1d6c |
| SHA1 | 69631de7891162dd4840112a251f6531feae7509 |
| SHA256 | ce174412cb2889bbf162b7ebe4476da5a9c928ba5b13111d338753ccc4c0f5fd |
| SHA512 | c9cae8bcc14661e993d97a3c7b658310a8b9c19044817589f92eab66f1bcfcecb3468b0de8b45cd68e218c23cd9c60aeef1d391af36ec03afab5c8b86d7937d4 |
C:\Users\Admin\AppData\Local\Temp\RES4C9.tmp
| MD5 | 7424660c51494b860243b9258d432e52 |
| SHA1 | 0c62f6daaaf9dcb1b20793c23e24b93a32c819ac |
| SHA256 | cf36d11dd7bdb5f4b4a6334fb8bc9f70f7a8cd960bcc753ea7dbc17b34ebec13 |
| SHA512 | f064e2dffef2dd384323490bb1c5094b66d402050ca4b86e89646cdfb44477943848db17cc3ff9ac837fe00dc7d3909748155c226e850a18e9c1802b31f22d7c |
C:\Users\Admin\AppData\Local\Temp\pevurp3f.cmdline
| MD5 | f2f64aa052784f807052e0122a479430 |
| SHA1 | f1520b07ae88537d399c7a8eee003db8d3bb7811 |
| SHA256 | 63a233921f0cfdf3a0724f7d1f2afa1fa4ac677af14937b6f51ad90491a9f7a2 |
| SHA512 | a19a3430e60949b971898b9c31c9116c6961725400a1cfdc1b850a724e2608a9386977d81032a7da4718a0ee3c33c12ce8e349b07cf476f72f6f2b262dcd0c90 |
C:\Users\Admin\AppData\Local\Temp\pevurp3f.0.vb
| MD5 | 83f6067bca9ba771f1e1b22f3ad09be3 |
| SHA1 | f9144948829a08e507b26084b1d1b83acef1baca |
| SHA256 | 098cd6d0243a78a14ce3b52628b309b3a6ac6176e185baf6173e8083182d2231 |
| SHA512 | b93883c7018fdd015b2ef2e0f4f15184f2954c522fd818e4d8680c06063e018c6c2c7ae9d738b462268b0a4a0fe3e8418db49942105534361429aa431fb9db19 |
memory/1296-415-0x00000000022B0000-0x00000000022C0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vbc223E487D175E4C5BADA2947243FE7389.TMP
| MD5 | 11cb9aba8820effebbb0646c028ca832 |
| SHA1 | a64d9a56ee1d2825a28ce4282dac52c30137db96 |
| SHA256 | 2a1e197c5f17c60b3085782d3c8c97bd9aa2ac1e3a4a721122c0b5ec56d276c8 |
| SHA512 | d227b39d5d67c18703730fd990ac41077321054d4f24198cafbc0b7af1ed6c72e7ef7eb626fb558f9407e11b5b9f0d194237400d248a80560d715c88971ad375 |
C:\Users\Admin\AppData\Local\Temp\RES555.tmp
| MD5 | 99baa7c50527a43f2cdba38a37538215 |
| SHA1 | fda6c4ee008ae802625ca4c4c66777c00db1639c |
| SHA256 | 975bf60ebd83835f192245d0ceade0b30957ca659e3378ff5bc955cfe1d4eb5d |
| SHA512 | 0e86aabb9987a587dd07369ea6d955b42ddb4c4530e4e8f39707d61fc0f2636ced1045478f4e9ac3b987a3808b945a61e811b97d74143b4be1cefab153849f89 |
C:\Users\Admin\AppData\Local\Temp\lkgryhvd.cmdline
| MD5 | c2d6c78d15aa0cfccc20f0cf7919db18 |
| SHA1 | 7f369f161a2c0f1bfc24fbd89bf425a6596f7b72 |
| SHA256 | c5557ff86e103dc7b2ff01b2a31d452adcbeaa576fa7a19d40fc446ed715a1bf |
| SHA512 | 6cfd5ec6abf5d0f9a81ad88a44d5c70dc7648939f33872cdef498580780b239cccefd2c051495873b0049282e32bd7d7b8be84221526917181c829a0da3b2f1c |
C:\Users\Admin\AppData\Local\Temp\lkgryhvd.0.vb
| MD5 | 6e4e3d5b787235312c1ab5e76bb0ac1d |
| SHA1 | 8e2a217780d163865e3c02c7e52c10884d54acb6 |
| SHA256 | aec61d3fe3554246ea43bd9b993617dd6013ad0d1bc93d52ac0a77410996e706 |
| SHA512 | b2b69516073f374a6554483f5688dcdb5c95888374fb628f11a42902b15794f5fa792cf4794eae3109f79a7454b41b9be78296c034dd881c26437f081b4eaea8 |
memory/2920-436-0x0000000002360000-0x0000000002370000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vbc6592B02B8F3F4FCA8C7E7EC232FC727.TMP
| MD5 | d56475192804e49bf9410d1a5cbd6c69 |
| SHA1 | 215ecb60dc9a38d5307acb8641fa0adc52fea96c |
| SHA256 | 235e01afd8b5ad0f05911689146c2a0def9b73082998ac02fd8459682f409eee |
| SHA512 | 03338d75dd54d3920627bd4cb842c8c3fefad3c8130e1eeb0fa73b6c31b536b3d917e84578828219b4ffd2e93e1775c163b69d74708e4a8894dd437db5e22e51 |
C:\Users\Admin\AppData\Local\Temp\RES5F2.tmp
| MD5 | 448fb61b1d4a0571fd77f89f1103ca15 |
| SHA1 | 28e42698e97bb4844c60a66de8b287869129c13c |
| SHA256 | c7d8d326df06279aed8d21a37e7f1597b4b8ccbd20c40e0e8717cc87921aac7f |
| SHA512 | c0eb78ecda38ac97b3f1479192e3718388a8fd6fc375895b3b014e71822573f40b6c4bc15fa4f7c126a1cad26c18b6bc9e75df16586625e63d54598198d6b802 |
C:\Users\Admin\AppData\Local\Temp\c8xkawj3.cmdline
| MD5 | e9cc2f3ad8f1ca9cdca189efe01492d6 |
| SHA1 | f7b28e1527cbe53545d7550c0101d2c422e2511c |
| SHA256 | 039d0278bf7e37fc6a6def410e1f9cdc7374aff882a5524be3b4e2a9c1629eaa |
| SHA512 | e86b532fde23c6d96c7b5f6418a241e5dd16dbb7f97b6f4f56b98204e179757a6797b28b79902eb4c9d1efe1980d5d17f95a13e90ebbd89c52aa7a99e1418f71 |
C:\Users\Admin\AppData\Local\Temp\c8xkawj3.0.vb
| MD5 | 197e7c770644a06b96c5d42ef659a965 |
| SHA1 | d02ffdfa2e12beff7c2c135a205bbe8164f8f4bc |
| SHA256 | 786a6fe1496a869b84e9d314cd9ca00d68a1b6b217553eff1e94c93aa6bc3552 |
| SHA512 | 7848cdc1d0ec0ca3ec35e341954c5ca1a01e32e92f800409e894fd2141a9304a963ada6a1095a27cc8d05417cd9c9f8c97aed3e97b64819db5dd35898acac3b7 |
memory/4756-447-0x0000000000B10000-0x0000000000B20000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vbc5CBEBE893BCD491185FEA8B7B7172E42.TMP
| MD5 | 4a0d9970022b9e7d0066dea49c7639f4 |
| SHA1 | 6a576f471355762c7dec0b258fa8268c06b352d4 |
| SHA256 | b9fc51192ec614b38899c981eb6cfe47429047df1af56226e87da01f95089cc9 |
| SHA512 | 92bcbbbbade44c91abe5bc4b4633892036b19ea6b0c5007a98ddc102aa41dca5d83568a9a243060a9a5153fea77bf7a56c7612d80881341358b1dcf190d42c48 |
C:\Users\Admin\AppData\Local\Temp\RES68E.tmp
| MD5 | 2a3cda67c9012ab13eb08f7051f4f875 |
| SHA1 | 9ef693baac8e89982333bd576caa1b61df2cc865 |
| SHA256 | 3605ff4e5bbcac8adf98ce0db1953c3c00b14a2e27fab96158fda411ede88789 |
| SHA512 | 981188f415575019cdaf1d88db76da636348c1f61425747c4284fd9a1c1c1b64b3d41e9bf2a874f4ca964a76f4182a0c08e196b309dbbf7493e38b804c432219 |
C:\Users\Admin\AppData\Local\Temp\fclddasw.cmdline
| MD5 | adfabf97af77b88e85518d7b88d33010 |
| SHA1 | 5d6c4466c859aab3cf66f9982f41dc81e40500b4 |
| SHA256 | dff2e07abb80def9b27625d1d1e3cc1d5ce68fc8b30704c131c0ebcab8f0f55a |
| SHA512 | e2876fd5e4d2050bd5b56015999d90320ee22f3ee37c1a53fe66833bb2c8948a66f3bda2316ae337b2c3d4192052ee9c761620e4c58ac96bd976ad0d704a0189 |
C:\Users\Admin\AppData\Local\Temp\fclddasw.0.vb
| MD5 | 7a8e43324d0d14c80d818be37719450f |
| SHA1 | d138761c6b166675a769e5ebfec973435a58b0f4 |
| SHA256 | 733f757dc634e79bdc948df6eff73581f4f69dd38a8f9fafae1a628180bf8909 |
| SHA512 | 7a84dbe0f6eebdc77fd14dd514ed83fb9f4b9a53b2db57d6d07c5ff45c421eac15fdc5e71c3bc9b5b5b7c39341d8e3157a481d9dacefe9faff092478a0cea715 |
memory/3624-463-0x00000000023A0000-0x00000000023B0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vbc2EC8D42B422849998A45F6AF1037FACD.TMP
| MD5 | 0d43c4212c75578ea7eeb11e292cb183 |
| SHA1 | 30b2ba3ad685b03fe365fd5a78801f039c8cd26c |
| SHA256 | c6eb948ff4f2359dce5d80890ea50516c48a6599fd522744ec0dcb5da8da7495 |
| SHA512 | 1adc9f10811af124048c36c9f41b48c3e777b6807aa61f148f52448d79d3eaac533fe4b9e7f887c6ab64cf99e9664113dd7fbc98353a1b57fb98db1d7f865b25 |
C:\Users\Admin\AppData\Local\Temp\RES70B.tmp
| MD5 | ce34cb61d9f510119bb0d643e2f061cf |
| SHA1 | 65de753a656698ba36395deb3970b0bad2371189 |
| SHA256 | 469ff5280946b80d045e2a04b4406d1dba9cad0ad44eac9959dde4f09bcd2cf6 |
| SHA512 | d323b1d99af8192d66ffa4b3a64fd264643d6426a0a3d312983a55cae4f10c60635cc8dabea6941b46ce8196efccb112a443bbc8105e72d8b23eed6ce29239b9 |
C:\Users\Admin\AppData\Local\Temp\uzewnjbg.cmdline
| MD5 | ae24b2dbe5c3ce3b9a7bdada762a1339 |
| SHA1 | 91dafef243cb7dae304146e23d2c0ddf0b6c5cdd |
| SHA256 | f2a8b1a077c8aa9458ccdbdc2cc6717eb00f274ab9a8b8f0971b4f5283bb4876 |
| SHA512 | 01e9f596c03ab7e82404e508226bb14be4a10a3ec72d628798c7d6b5d0379a3b3e0f9e551e40971f934cc8a0a5973a4c6e417cef27527678630142d6da6f90c4 |
memory/4924-479-0x0000000000AE0000-0x0000000000AF0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uzewnjbg.0.vb
| MD5 | 7d0d85a69a8fba72e1185ca194515983 |
| SHA1 | 8bd465fb970b785aa87d7edfa11dbff92c1b4af6 |
| SHA256 | 9f78b435099106c2c3486c5db352f7d126b3532c1b4e8fe34ef8931c7b8968d5 |
| SHA512 | e5ef339dc329dbba2ab06678a9e504aa594d2f21ade45e49bccd83a44a76dc657f5f44dcf368f4d112bb3b01af2e577a487c6078751943770e90780fad202989 |
memory/4600-493-0x0000000002330000-0x0000000002340000-memory.dmp
memory/336-504-0x0000000002400000-0x0000000002410000-memory.dmp
memory/4404-515-0x00000000023D0000-0x00000000023E0000-memory.dmp
memory/3568-529-0x0000000002460000-0x0000000002470000-memory.dmp
memory/1076-547-0x0000000002470000-0x0000000002480000-memory.dmp
memory/2536-558-0x00000000025D0000-0x00000000025E0000-memory.dmp
memory/4616-569-0x0000000002550000-0x0000000002560000-memory.dmp
memory/3780-580-0x0000000000AB0000-0x0000000000AC0000-memory.dmp
memory/2436-591-0x0000000000C70000-0x0000000000C80000-memory.dmp
memory/2392-610-0x0000000002740000-0x0000000002750000-memory.dmp
memory/5032-638-0x0000000002550000-0x0000000002560000-memory.dmp
F:\svchost\svchost.exe:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
| SHA512 | dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6 |
memory/3004-651-0x0000000002510000-0x0000000002520000-memory.dmp
memory/1432-676-0x0000000000FA0000-0x0000000000FB0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d55485a081480519de1b9db6692b3043 |
| SHA1 | 018aeb4c48a59c95716d17cc0e0e432869f15d4e |
| SHA256 | 5615e1324013a9e5e82fbcf56b3dec98ea988b5a53aab84c55b4ae22366feea0 |
| SHA512 | f6657235a5767ee8fb02ca672bc31edead168a476080e0e1b79d060812dd56712703550e36c2e13e61aa6003f7fbe35da016166472d2223d3426c06c1dd20087 |
memory/2432-690-0x00007FFD62860000-0x00007FFD63201000-memory.dmp
memory/1432-691-0x0000000075290000-0x0000000075841000-memory.dmp
memory/2432-692-0x00007FFD62860000-0x00007FFD63201000-memory.dmp
memory/2432-696-0x00007FFD62860000-0x00007FFD63201000-memory.dmp
memory/2484-697-0x0000000075290000-0x0000000075841000-memory.dmp
memory/2484-695-0x0000000000AA0000-0x0000000000AB0000-memory.dmp
memory/2484-699-0x0000000075290000-0x0000000075841000-memory.dmp
memory/1496-701-0x00000000016A0000-0x00000000016B0000-memory.dmp
memory/1496-702-0x0000000075290000-0x0000000075841000-memory.dmp
memory/1496-700-0x0000000075290000-0x0000000075841000-memory.dmp