Malware Analysis Report

2024-12-07 22:26

Sample ID 240408-yqhtcsad26
Target https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:4689d6e7-4d4c-4efb-91f6-652de2c9355c
Tags: remcos remotehost persistence rat

Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The submitted URL https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:4689d6e7-4d4c-4efb-91f6-652de2c9355c was found to be: Known bad.

Malicious Activity Summary

remcos remotehost persistence rat

Remcos

Blocklisted process makes network request

Checks computer location settings

Adds Run key to start application

Suspicious use of NtCreateThreadExHideFromDebugger

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-08 19:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-08 19:59

Reported: 2024-04-08 20:02

Platform: win10v2004-20240226-en

Max time kernel: 147s

Max time network: 130s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:4689d6e7-4d4c-4efb-91f6-652de2c9355c

Signatures

Remcos

rat remcos

Blocklisted process makes network request

Description: N/A
Indicator: N/A
Process: C:\Windows\SysWOW64\WScript.exe
Target: N/A
Events: 3 identical rows

Checks computer location settings

Description: Key value queried
Indicator: \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation
Process: C:\Windows\SysWOW64\WScript.exe
Target: N/A

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*Chrome = "rundll32.exe C:\\Users\\Admin\\AppData\\Roaming\\VIVA_01.dll,EntryPoint"
Process: C:\Windows\SysWOW64\reg.exe
Target: N/A
Note: a Run value whose name begins with an asterisk is also executed when Windows starts in Safe Mode, so this entry survives a Safe Mode boot that would skip ordinary Run values.

Suspicious use of NtCreateThreadExHideFromDebugger

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\Downloads\Maryann 2023 Tax Organizer (4)\Maryann 2023 Tax Organizer\Maryann TAX Organizer.exe
Target: N/A

Enumerates physical storage devices

Enumerates system info in registry

Process: C:\Program Files\Google\Chrome\Application\chrome.exe (all rows)
Target: N/A
Rows (Description: Indicator):
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer

Modifies data under HKEY_USERS

Process: C:\Program Files\Google\Chrome\Application\chrome.exe (all rows)
Target: N/A
Rows (Description: Indicator):
  Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133570799809787841"
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry

Modifies registry class

Target: N/A
Rows (Description: Indicator, Process):
  Key created: \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings
    Process: C:\Program Files\Google\Chrome\Application\chrome.exe
  Key created: \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings
    Process: C:\Users\Admin\Downloads\Maryann 2023 Tax Organizer (4)\Maryann 2023 Tax Organizer\Maryann TAX Organizer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description: N/A
Indicator: N/A
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
Target: N/A
Events: 3 identical rows

Suspicious use of AdjustPrivilegeToken

Description: Token: SeShutdownPrivilege (32 events) and Token: SeCreatePagefilePrivilege (32 events), alternating
Indicator: N/A
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
Target: N/A
Events: 64

Suspicious use of FindShellTrayWindow

Description: N/A
Indicator: N/A
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
Target: N/A
Events: 63 identical rows

Suspicious use of SendNotifyMessage

Description: N/A
Indicator: N/A
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
Target: N/A
Events: 24 identical rows

Suspicious use of WriteProcessMemory

Indicator: N/A
Process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4656)
Target: C:\Program Files\Google\Chrome\Application\chrome.exe
Events: 64
  PID 4656 wrote to memory of 3616: 2 events
  PID 4656 wrote to memory of 228: 38 events
  PID 4656 wrote to memory of 3140: 2 events
  PID 4656 wrote to memory of 2168: 22 events
Note: writer and target are both chrome.exe, i.e. the browser's parent process writing into its own child processes; none of these events involve Maryann TAX Organizer.exe or the cmd.exe, reg.exe, WScript.exe and powershell.exe processes it spawned.

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:4689d6e7-4d4c-4efb-91f6-652de2c9355c

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ef2c9758,0x7ff9ef2c9768,0x7ff9ef2c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1876,i,13111347004812242348,9228492293478589675,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1876,i,13111347004812242348,9228492293478589675,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2152 --field-trial-handle=1876,i,13111347004812242348,9228492293478589675,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1876,i,13111347004812242348,9228492293478589675,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1876,i,13111347004812242348,9228492293478589675,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4760 --field-trial-handle=1876,i,13111347004812242348,9228492293478589675,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 --field-trial-handle=1876,i,13111347004812242348,9228492293478589675,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 --field-trial-handle=1876,i,13111347004812242348,9228492293478589675,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 --field-trial-handle=1876,i,13111347004812242348,9228492293478589675,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 --field-trial-handle=1876,i,13111347004812242348,9228492293478589675,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 --field-trial-handle=1876,i,13111347004812242348,9228492293478589675,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1876,i,13111347004812242348,9228492293478589675,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1876,i,13111347004812242348,9228492293478589675,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=1876,i,13111347004812242348,9228492293478589675,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1876,i,13111347004812242348,9228492293478589675,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Maryann 2023 Tax Organizer (4)\Maryann 2023 Tax Organizer\Maryann TAX Organizer.exe

"C:\Users\Admin\Downloads\Maryann 2023 Tax Organizer (4)\Maryann 2023 Tax Organizer\Maryann TAX Organizer.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*Chrome" /t REG_SZ /d "rundll32.exe C:\Users\Admin\AppData\Roaming\VIVA_01.dll",EntryPoint /f & exit

C:\Users\Admin\Downloads\Maryann 2023 Tax Organizer (4)\Maryann 2023 Tax Organizer\Maryann TAX Organizer.exe

"C:\Users\Admin\Downloads\Maryann 2023 Tax Organizer (4)\Maryann 2023 Tax Organizer\Maryann TAX Organizer.exe"

C:\Windows\SysWOW64\reg.exe

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*Chrome" /t REG_SZ /d "rundll32.exe C:\Users\Admin\AppData\Roaming\VIVA_01.dll",EntryPoint /f

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Memory.vbs"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\WindowsServices\XWWTS.cmd" "

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

PowerShell.exe -NoProfile -ExecutionPolicy Bypass -Command C:\Users\Admin\AppData\Roaming\WindowsServices\MNUZY.ps1

Network

Country Destination Domain Proto
US 8.8.8.8:53 acrobat.adobe.com udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
NL 23.62.61.185:443 acrobat.adobe.com tcp
NL 23.62.61.185:443 acrobat.adobe.com tcp
NL 23.62.61.185:443 acrobat.adobe.com tcp
US 8.8.8.8:53 adobeid-na1.services.adobe.com udp
US 8.8.8.8:53 adobe.tt.omtrdc.net udp
US 8.8.8.8:53 assets.adobedtm.com udp
GB 23.37.1.19:443 assets.adobedtm.com tcp
US 8.8.8.8:53 wwwimages2.adobe.com udp
IE 66.235.152.156:443 adobe.tt.omtrdc.net tcp
US 104.18.32.195:443 adobeid-na1.services.adobe.com tcp
US 8.8.8.8:53 adobesearch.adobe.io udp
US 8.8.8.8:53 ans.oobesaas.adobe.com udp
US 8.8.8.8:53 api.echosign.com udp
US 8.8.8.8:53 by2.uservoice.com udp
US 8.8.8.8:53 send-asr.acrobat.com udp
US 8.8.8.8:53 c.evidon.com udp
US 8.8.8.8:53 auth.services.adobe.com udp
US 8.8.8.8:53 cc-api-data.adobe.io udp
US 8.8.8.8:53 ccx-courier.adobe.io udp
US 8.8.8.8:53 cdn-sharing.adobecc.com udp
US 172.64.155.179:443 auth.services.adobe.com tcp
IE 52.51.28.236:443 send-asr.acrobat.com tcp
US 8.8.8.8:53 dc-api-v2.adobecontent.io udp
US 8.8.8.8:53 dc-api.adobe.io udp
US 8.8.8.8:53 dc-api.adobecontent.io udp
US 8.8.8.8:53 files-download2.acrocomcontent.com udp
US 8.8.8.8:53 files.acrobat.com udp
US 8.8.8.8:53 ims-na1.adobelogin.com udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 185.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 195.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 156.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 19.1.37.23.in-addr.arpa udp
US 8.8.8.8:53 l.betrad.com udp
US 8.8.8.8:53 179.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 notify.adobe.io udp
US 8.8.8.8:53 236.28.51.52.in-addr.arpa udp
US 8.8.8.8:53 p.typekit.net udp
US 8.8.8.8:53 p13n.adobe.io udp
US 8.8.8.8:53 pdfnow.adobe.io udp
US 8.8.8.8:53 prod.adobeccstatic.com udp
US 8.8.8.8:53 sstats.adobe.com udp
US 3.233.129.217:443 p13n.adobe.io tcp
US 8.8.8.8:53 static.adobelogin.com udp
US 8.8.8.8:53 use.typekit.net udp
US 8.8.8.8:53 widget.uservoice.com udp
US 104.18.32.195:443 adobeid-na1.services.adobe.com tcp
US 8.8.8.8:53 www.adobe.com udp
NL 23.63.101.163:443 wwwimages2.adobe.com tcp
GB 104.91.71.94:443 use.typekit.net tcp
GB 3.162.20.57:443 static.adobelogin.com tcp
IE 66.235.152.221:443 sstats.adobe.com tcp
GB 3.162.20.106:443 prod.adobeccstatic.com tcp
US 34.199.101.34:443 pdfnow.adobe.io tcp
GB 104.91.71.97:443 p.typekit.net tcp
US 52.22.41.97:443 p13n.adobe.io tcp
IE 34.250.85.196:443 ims-na1.adobelogin.com tcp
IE 52.51.28.236:443 dc-api-v2.adobecontent.io tcp
US 34.197.224.31:443 files-download2.acrocomcontent.com tcp
US 3.230.130.186:443 files-download2.acrocomcontent.com tcp
IE 52.48.8.54:443 cc-api-data.adobe.io tcp
US 52.71.63.230:443 api.echosign.com tcp
US 52.87.127.203:443 ans.oobesaas.adobe.com tcp
US 151.101.1.138:443 cdn-sharing.adobecc.com tcp
US 44.198.154.229:443 pdfnow.adobe.io tcp
IE 52.48.8.54:443 cc-api-data.adobe.io tcp
US 3.230.130.186:443 files-download2.acrocomcontent.com tcp
US 3.230.130.186:443 files-download2.acrocomcontent.com tcp
US 3.230.130.186:443 files-download2.acrocomcontent.com tcp
GB 104.91.71.94:443 use.typekit.net tcp
GB 3.162.20.106:443 prod.adobeccstatic.com tcp
US 3.230.130.186:443 files-download2.acrocomcontent.com tcp
GB 3.162.20.106:443 prod.adobeccstatic.com tcp
US 3.230.130.186:443 files-download2.acrocomcontent.com tcp
US 8.8.8.8:53 217.129.233.3.in-addr.arpa udp
US 8.8.8.8:53 163.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 57.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 138.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 106.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 221.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 54.8.48.52.in-addr.arpa udp
US 8.8.8.8:53 196.85.250.34.in-addr.arpa udp
US 8.8.8.8:53 94.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 97.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 34.101.199.34.in-addr.arpa udp
US 8.8.8.8:53 97.41.22.52.in-addr.arpa udp
US 8.8.8.8:53 31.224.197.34.in-addr.arpa udp
US 8.8.8.8:53 203.127.87.52.in-addr.arpa udp
US 8.8.8.8:53 230.63.71.52.in-addr.arpa udp
US 8.8.8.8:53 186.130.230.3.in-addr.arpa udp
US 8.8.8.8:53 229.154.198.44.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
GB 104.91.71.97:443 p.typekit.net tcp
IE 52.51.28.236:443 dc-api-v2.adobecontent.io tcp
IE 52.51.28.236:443 dc-api-v2.adobecontent.io tcp
US 104.17.29.92:443 widget.uservoice.com tcp
US 8.8.8.8:53 client.messaging.adobe.com udp
NL 23.63.101.163:443 wwwimages2.adobe.com tcp
NL 23.63.101.163:443 wwwimages2.adobe.com tcp
GB 54.230.10.52:443 client.messaging.adobe.com tcp
GB 54.230.10.52:443 client.messaging.adobe.com tcp
US 8.8.8.8:53 92.29.17.104.in-addr.arpa udp
US 8.8.8.8:53 52.10.230.54.in-addr.arpa udp
GB 54.230.10.52:443 client.messaging.adobe.com tcp
BE 23.14.90.89:443 www.adobe.com tcp
BE 23.14.90.89:443 www.adobe.com tcp
US 8.8.8.8:53 server.messaging.adobe.com udp
US 34.233.40.195:443 server.messaging.adobe.com tcp
US 8.8.8.8:53 geo2.adobe.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
GB 23.37.1.19:443 assets.adobedtm.com tcp
GB 23.37.0.169:443 geo2.adobe.com tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 34.233.40.195:443 server.messaging.adobe.com tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
IE 34.247.72.3:443 dpm.demdex.net tcp
US 8.8.8.8:53 89.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 195.40.233.34.in-addr.arpa udp
US 8.8.8.8:53 52.177.19.104.in-addr.arpa udp
US 8.8.8.8:53 169.0.37.23.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
IE 34.247.72.3:443 dpm.demdex.net tcp
US 8.8.8.8:53 cm.everesttech.net udp
US 8.8.8.8:53 adobemobiledev.demdex.net udp
IE 54.220.209.169:443 adobemobiledev.demdex.net tcp
IE 66.235.152.221:443 sstats.adobe.com tcp
IE 52.17.26.1:443 cm.everesttech.net tcp
IE 66.235.152.156:443 sstats.adobe.com tcp
IE 66.235.152.156:443 sstats.adobe.com tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 3.72.247.34.in-addr.arpa udp
US 8.8.8.8:53 169.209.220.54.in-addr.arpa udp
US 8.8.8.8:53 1.26.17.52.in-addr.arpa udp
US 8.8.8.8:53 46.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
IE 52.48.8.54:443 cc-api-data.adobe.io tcp
IE 52.48.8.54:443 cc-api-data.adobe.io tcp
IE 52.48.8.54:443 cc-api-data.adobe.io tcp
IE 52.48.8.54:443 cc-api-data.adobe.io tcp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com tcp
BE 74.125.206.84:443 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com udp
US 8.8.8.8:53 84.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 ogbatobanana.duckdns.org udp
RS 45.89.55.76:4047 ogbatobanana.duckdns.org tcp
US 8.8.8.8:53 76.55.89.45.in-addr.arpa udp
RS 45.89.55.76:4047 ogbatobanana.duckdns.org tcp
US 8.8.8.8:53 geoplugin.net udp
NL 178.237.33.50:80 geoplugin.net tcp
US 8.8.8.8:53 50.33.237.178.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 textbin.net udp
US 148.72.177.212:443 textbin.net tcp
US 8.8.8.8:53 212.177.72.148.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 171.101.63.23.in-addr.arpa udp

Files

\??\pipe\crashpad_4656_ZKMCPMDTAWMVHJMX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 45db7f536f29524cb5656e681534a542
SHA1 343c64133bf93cae0184195f563446f9ed16bd7f
SHA256 15ad2ee322affcc962b0157ea30d34e3a4740b89945dd14938b785a23db3a9d7
SHA512 d2bc7117c9db1ad0950fc1a294e7cba2c901d415a419616f4287f5f7cf364c89758988a5e2aff40028269307ee9e46e9742286f3bc0b865d4c0767e0502e309a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1d101d2fee3415b36f7e7cdccd3427ba
SHA1 c9bc4973d6ad6eb9ae9258034e05b0c3ba5ce8eb
SHA256 e2e3e8b71d57e7240806af14d4321f6f6c325d1be704d9dcaa6040c399967c0d
SHA512 c67f4f49634c7d10396ccefe679ab11d4b26229a89714ca9121f4056ee48bb30d4a9e5bef95adcff084bbce02cf308eb05361222daf338a6241c3b5bf943f55d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bb36e14d12c59d7c4e3cc095c685758c
SHA1 5db7d792eb08366adf43f0017f69cd858ca49ae7
SHA256 645fd31d8eb0aee63cd343cdf119702154db581a979ea7cec00ea6814fbfec61
SHA512 1aa0641b473de68a7b7ba18256bc16280baf17ac98433df429c318a950039cb3c131cac5ad89c919b0f6ec4289baf0ff88f6a7485e49cc0e7c91c01a32266202

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 34b6f080b29a27fea173fd3ce8bd7a4b
SHA1 e50fa436373f540a55d5fe0d3f6752b702bae25c
SHA256 2dd8801b917105b34307ce6ebc27981595b9a12ac535df45bb8306f0bb0cf39e
SHA512 f53b4105d07bdc6e4683aa62f35c34c68c9d7f2a4118ba2e4bd6eb4c03ffc149dd6fed5ea22c962bec9aa06616b4732d5dfd4b2cf846fe2e665707380f363283

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 6d7c68778e804c01dce9fcfa7f1f2dcc
SHA1 518684fe56f8346703e623542459ca52d5252685
SHA256 37996584ce8e1f810c6ee9f6ebea099b8e5d3db15a54b4a9f4f39037f54db566
SHA512 5744b6ea51b79a21b755be5532f002b797bccafb3bbd3983f81c2671cf57675c1cbe913fb0c8dca4049cc051d754c33f38219411f7349ef4309b3da392946f35

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578983.TMP

MD5 4b6b741bb37a8f4216443ca1942c8c04
SHA1 0ed96a8faad0d9644547fdace15d9852ea6700d7
SHA256 4739bee4683fafce1912cce957311dfa1eafa9712ad3492effcb99bc891467c9
SHA512 9b000380dad769ca07dac6f1d7a00d38f6ad072ac9ab743d8dc14995b6889f92f75eca739a94cecfca3b4ba17a1a13839aaffc4f2a82f7681b5c1fca4a7a0bb7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\950d9ebf-7951-46c3-88e3-99ef1cd3691e\index-dir\the-real-index

MD5 50244b13c9cd554c0599f31d954be431
SHA1 556dc5219c886dfa3be83afe7780df34f1537293
SHA256 a673440be2f07d8c31d959bedf9a565ff428a6537308060394e9c9a1fa683310
SHA512 8ae8e16575d96b2fe25330b360629fbdf1eca6c988e2a0bcb5e94415af1320ebd73c687cfbe47537df42f259012a4264e97064ce5079881fc2a8a162576f8002

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\950d9ebf-7951-46c3-88e3-99ef1cd3691e\index-dir\the-real-index~RFe5789d1.TMP

MD5 8bf1e5d21a787d0070c97471127992b3
SHA1 6503602ae218ba0c95500819e33107af49aa3481
SHA256 0c5617ecdc86cc097c5f0e3b27fe1d80b2bf67a6489790effbafd8d7b061112f
SHA512 52bb21858ff072f066425aa3fdf59e8ab475cbb985298976529355c3f6696e42915ae9fa307df29861662f7ccef576b17138e10106ceb4f2f39ce7bf72cdaaa0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt~RFe578a10.TMP

MD5 c07df772af21b1f22d3e0e275aae8717
SHA1 19152e4a99f7b5f05ea0b633c101568d4a607516
SHA256 9bd91e7c0a4c42241adc3f3befa6160bbf12c64973d1a133ab36a51f6f5d67b0
SHA512 c3bb7b207e9a4a9600144acf90de52bfbcebe12aebfe14f536cbbd6e800eb3bd0bf9a5075242f611aae218ae3e3e43dd205106ba940ea526cfc07e0010ffecba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt

MD5 f19638575cd1b32ae44509d74e9c2b46
SHA1 0d4916b55d6fed8e4ec879fbea42df4e51bd1bf7
SHA256 b16909024f13570e2cd986c898086714c912b6250c4066e3eb4bd52fe9e7eea0
SHA512 0451691969752a7576173b2646b949468ad8b3b18d873f1623a92a63c46419ba03ec2f20f05dd1e1e4501e8531dc52b63871063fd8547a9eecc41a1109dabc0d

C:\Users\Admin\Downloads\4afa875b-4966-4ea6-aa40-40c2b4f5a9d6.tmp

MD5 5a83e69d24cb5b12367c64f1afeec22a
SHA1 339a7c05fb47a54d21befdfb8c415ccc16baf5ae
SHA256 4517725c70a23ad47dd7cef433e0ec92c5cef135b732b6038db1e54b46ccafd8
SHA512 cf662d544ee4ffc9626fdd881274292e5b24334581f76e2fa06bbfd1b1d7dcdf0de24267e715c18d5615987b2329c5df41fdb9394fd494a8872880063251945b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1c7e35e32fe1dfa8e92f654cf000cd26
SHA1 fc45435831536aac6a9cd47dbe59b6c8666e69e7
SHA256 f5e93a7fa8b91c0e60f5095ed8c12beac00a515320fed6b182c3f61611445b6a
SHA512 38e3b922f9da68c8aef6ce6acef2cd3d543a92b948f74a3574ff8efad71006dbec5f819c617cb65ebf611f9d24ce859bfca76f6cd56acf2375f106f2cb822886

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4e33a66e2b73cf804c7e7bb656c338ae
SHA1 5d6d985200c934a1d154292a7380c6ab3b451316
SHA256 747c08d8d7b1c758b169110572c36e847b55716ddb815de0c7dcee73bf68f7e3
SHA512 2ae7fb927b279e5d730854ba442af497703bacac5885893c79af9729cf587c69da424a1aad909a899a03beb2aff71da651754869cce745422bbc4d1bb795a486

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 0461e42863356cb48fb3bdcd0ce7eeda
SHA1 2311198a6138070ae60ff09d9eeac03d968808e9
SHA256 9b420f9427c3b61566e0ac58841f2977b9d1a55f99bcdcac98c4c3ce6f77be22
SHA512 f843877da38e1aed18907cbc646dbdd16421f434b61f2694e62384940110404b208f28384c4d42573da238f3a8a7dbd775d4a417b3c27b16e96b6c6737eb6966

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57bd74.TMP

MD5 6f7280b080f242bd6e0976451c15b370
SHA1 b3d271a855a79628dc218672bc8ad79b99119ed7
SHA256 0d4419f567458748510a047212e1f9fe8ed58a96e77c8a544630f0b8f0bb566c
SHA512 02e002c2285869ed9aba48334272643bea24d30b92edbcbc0e721096d57462b4760d460f9cead428e575911b3ff7da3b0580ffb47b7a05c9b1652a7d82582c0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7c9f55e5f8e07f5ac5d45d705a8534f2
SHA1 a24ae78a132f10b7a1c3c22f54a8c178121bed79
SHA256 d961bfcbdc2a13bd6f7993e76aa7260299639d6d15cb35ab78edb57013f54a6d
SHA512 4e42d9036e64237b33e178b0f593cc610235f8dab7e1059405ad111fe8c5450893b921167f8a8b1cc679d465c7758977f3eedb96ff78696e475d718985277b36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 82cf3fb67934ad9414abf513dfc5e168
SHA1 d47c0a164083119cce45e3906eb1704fc967378d
SHA256 f388a51db94f4920e88b55f595786f9a98e43606eb61fb4dec890fddafe012d3
SHA512 c998302817b98a488dfc066487a7142f723a30d7e8f789451e6f01b5c64da9816f362a475f331ef2ee420d6623f63f7eebc59f307ff11fb005b94d7e0943cb3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 19954ffccc37c4ab8d16a0d406913bdc
SHA1 c1278eb13e57cb3e213294c2d9ac9571a5437846
SHA256 7665a31168f450b176b6e09feafe0598ba4d3596e204f225a2f38e079b51ab8b
SHA512 c78b991b6d696cee6bb41f6f116b3b2612e6bd0cf70e4d0477b508d102542002043931d6177d277ba886afc434e7d043755f46389de20d92791e6c8215ca3c02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2353684be69c4812726d32f1b59d7bf9
SHA1 d80930134ee1a5878833d086919f9dde5af4a3d7
SHA256 1cb5cbf649df5ba4c4ec06160110874a5551ba6f2beac0a6a197d6a4a454aa61
SHA512 0b7349b923cb23fbee81fe861e37b1d5b37129fa5fe0a2869b4c4c1f64c699dbb07d1b410f05f403bbb4fda0584b1248c8a325a58467497994b81411f66dd9ce

memory/324-374-0x0000000010000000-0x0000000012DB3000-memory.dmp

memory/324-375-0x0000000010000000-0x0000000012DB3000-memory.dmp

memory/4368-376-0x00000000001D0000-0x00000000001D1000-memory.dmp

memory/4368-378-0x0000000000410000-0x0000000000492000-memory.dmp

memory/4368-379-0x0000000000410000-0x0000000000492000-memory.dmp

memory/4368-381-0x0000000000410000-0x0000000000492000-memory.dmp

memory/4368-382-0x0000000000410000-0x0000000000492000-memory.dmp

memory/324-383-0x0000000010000000-0x0000000012DB3000-memory.dmp

memory/4368-384-0x0000000000410000-0x0000000000492000-memory.dmp

memory/4368-385-0x0000000000410000-0x0000000000492000-memory.dmp

memory/4368-386-0x0000000000410000-0x0000000000492000-memory.dmp

memory/4368-388-0x0000000000410000-0x0000000000492000-memory.dmp

memory/4368-387-0x0000000000410000-0x0000000000492000-memory.dmp

memory/4368-390-0x0000000000410000-0x0000000000492000-memory.dmp

memory/4368-391-0x0000000000410000-0x0000000000492000-memory.dmp

memory/4368-392-0x0000000000410000-0x0000000000492000-memory.dmp

memory/4368-396-0x0000000000410000-0x0000000000492000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Memory.vbs

MD5 f2423557341720ee37a3ca4160ab350d
SHA1 dff2f296535fa069dd29ad0860bb1d3ca61a1e37
SHA256 82c1e03d1965f9efb7597e8999cc8464d471be14657d42362b4d6ffdb257d2d7
SHA512 3a0ec132bcb1239afa7046130eaf86e41a0693dc79d482124df0e93a1312dc4021a43c0a9db6b48ae201e322e9c61a3b0ac6ae791395d398404140cd79d7ed03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a09824108122231ab9d4a73279b3b7f2
SHA1 de549d851c78355cbd8aebb01f069051daf10e03
SHA256 6c6c6073219cff65dee85b20316b721f3ce2ca5f2d1852832af629cee1e46870
SHA512 1637db3a1f9a9c1063c9f43a824ce204d64a3d7132b53919b37ab524054cb4115041d5f3707ab761191f08e6b290ce157f528c08fbae15bcf51e062a3218776e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f2a01c125fcfb6acec6e572f1275d42f
SHA1 4429c3c86a49f846ad474ad77ba24f83959f129c
SHA256 5d60bfadf94947dca9e0d492fce91a43a86df9ccd4030b6d79fcbbf224c5ad0b
SHA512 c463275923a6d19036c34c43ee28f971c1742df8f7f10fca1ed3965f12958048ad668267a32e3c23940fac36d9a9adbe68bae7b26d4a1037b9760beba65e983c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 a13bc6fc3cd16aa02ee6924629d66b58
SHA1 ff55a25dd5afcd63618f20f961ab01cdb77b9017
SHA256 43fb2eec7875a609b628d38f10bf4a8c59e90ccf96d3fff75e24c36a5bbe2015
SHA512 c1f7fefc181ffc8fc4ac6d8c257c82deb0d2ec32b31abfaffaf68c4052138cfb89f560197fa7435049cdf6b2bb1e53d4320036f5cc1db2de167577770db41362

C:\Users\Admin\AppData\Roaming\WindowsServices\XWWTS.cmd

MD5 ae51876ebf33b5bc2b49115a5f0ce077
SHA1 77a138eac0ebf7a9ec90fb299570166089038321
SHA256 10fd06231daa6f01e645d0b3ca70b1043c6dbacdcfc2523060adb1880effe2ca
SHA512 d19338c6a5d8851b15f2b9d46e31dbb2e9570a02456c76b01be9c70a376aa2520b25791eaedc48cabdb382bab17fd7200f3eb2c5917f029cefa3cd227192fb4d

memory/4224-524-0x0000000004A80000-0x0000000004AB6000-memory.dmp

memory/4224-525-0x0000000072900000-0x00000000730B0000-memory.dmp

memory/4224-526-0x0000000004B30000-0x0000000004B40000-memory.dmp

memory/4224-527-0x0000000005170000-0x0000000005798000-memory.dmp

memory/4224-528-0x00000000057A0000-0x00000000057C2000-memory.dmp

memory/4224-529-0x0000000005940000-0x00000000059A6000-memory.dmp

memory/4224-530-0x00000000059B0000-0x0000000005A16000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vsr3jg00.ij1.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4224-540-0x0000000005C10000-0x0000000005F64000-memory.dmp

memory/4224-541-0x0000000006020000-0x000000000603E000-memory.dmp

memory/4224-542-0x0000000006060000-0x00000000060AC000-memory.dmp

C:\Users\Admin\AppData\Roaming\WindowsServices\MNUZY.ps1

MD5 26fde7d375d1bd5bb2365e3c9f01a803
SHA1 226f0e4fd419f92ef65464bac9656f3a33c9c754
SHA256 3d9452c2294d672986b03b274fdc8111c38b87efc76163995b7a257d5c6c2ee6
SHA512 499a237f13b0bb1e7880d29c057bee403075039f4592e59c10f95d3e57aaa9e2aa37de61f3f5b706f03438778955bb23d3f847ba116e3784eb3534725c7b3326

memory/4224-544-0x000000007FD20000-0x000000007FD30000-memory.dmp

memory/4224-545-0x00000000065E0000-0x0000000006612000-memory.dmp

memory/4224-546-0x000000006F2B0000-0x000000006F2FC000-memory.dmp

memory/4224-556-0x00000000071E0000-0x00000000071FE000-memory.dmp

memory/4224-557-0x0000000007210000-0x00000000072B3000-memory.dmp

memory/4224-558-0x0000000004B30000-0x0000000004B40000-memory.dmp

memory/4224-559-0x00000000079F0000-0x000000000806A000-memory.dmp

memory/4224-560-0x0000000007370000-0x000000000738A000-memory.dmp

memory/4224-561-0x00000000073C0000-0x00000000073CA000-memory.dmp

memory/4224-562-0x00000000075E0000-0x0000000007676000-memory.dmp

memory/4224-563-0x0000000007550000-0x0000000007561000-memory.dmp

memory/4224-564-0x0000000007590000-0x000000000759E000-memory.dmp

memory/4224-565-0x00000000075A0000-0x00000000075B4000-memory.dmp

memory/4224-566-0x0000000007680000-0x000000000769A000-memory.dmp

memory/4224-567-0x00000000075D0000-0x00000000075D8000-memory.dmp

memory/4224-570-0x0000000072900000-0x00000000730B0000-memory.dmp

memory/4368-571-0x0000000000410000-0x0000000000492000-memory.dmp

memory/4368-572-0x0000000000410000-0x0000000000492000-memory.dmp