Analysis Overview
Threat Level: Known bad
The file http://mf.dwnldro.com/fs/Y2LwSpNg8s was found to be: Known bad.
Malicious Activity Summary
Vidar
Banload
Detect Vidar Stealer
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
Registers COM server for autorun
Loads dropped DLL
Executes dropped EXE
Suspicious use of SetThreadContext
Program crash
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: MapViewOfSection
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy WMI provider
Suspicious use of FindShellTrayWindow
Modifies registry class
Enumerates system info in registry
Checks processor information in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-23 03:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-23 03:20
Reported
2024-04-23 03:24
Platform
win11-20240412-en
Max time kernel
206s
Max time network
201s
Command Line
Signatures
Banload
Detect Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Vidar
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\LocalServer32 | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\Root\\Office16\\ONENOTE.EXE" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 456 set thread context of 3144 | N/A | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | C:\Windows\SysWOW64\netsh.exe |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\BvInputDiag.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583160511073736" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ntfhw | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\dgxab | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\cUedLosdjAy | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\BbzkAmfbdc | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\cUedLosdjAy\ = "FyHi}{\\fcYrBQmd`d~|e" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\okIroGnqMXppp\ = "wNNbpDf]vcIu]" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\wuBnvFWQbI\ = "BMPqippFtsfQxcpqUE~swmW~zVuq{y\x7f" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\BbzkAmfbdc | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\okIroGnqMXppp\ = "wO~bpDf_QwjYA" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ntfhw\ = "]iI`VgPvtAQWzkHiipRSnaDsRK]J" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\mtEdjBW | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\ntfhw\ = "~\x7f]|~OJ\\pqvFfbM@QuxD^e|ydOaD" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\dgxab\ = "PQ|^ZOgo@k[ZqnM|ApdeON" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\Root\\Office16\\ONENOTE.EXE" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\okIroGnqMXppp | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\mtEdjBW | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ = "Application Class" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\mtEdjBW\ = "|dM[\\iW\\mHG]JbflGErA\\JDsM{[rsN[" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\cUedLosdjAy | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\wuBnvFWQbI | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\okIroGnqMXppp | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\mtEdjBW\ = "bYhdOB^B~SYnnLhLBvV]qbs}S~eAJv`" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\okIroGnqMXppp\ = "M[QW@Sq`Fs]of" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\ntfhw | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ProgID | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\TypeLib | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\TypeLib\ = "{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\lwiztp | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\mtEdjBW\ = "bYhdOB^B~SYnnLhLBvV]qbs}SNeAJv`" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\cUedLosdjAy\ = "Fyxi}{\\fcYrBQmd`d~|e" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\lwiztp | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\BbzkAmfbdc\ = "ygKC\\\x7fQgcWQAyEn]Ry{a^@Tne" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\cUedLosdjAy\ = "_zd[\\~_DEdiFi\x7fGeg\x7fp[" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ProgID\ = "OneNote.Application.12" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\lwiztp\ = "lkkE@J@vuT`wRD{YnDiBvEs_m^" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\wuBnvFWQbI | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\lwiztp\ = "leUHeQgNFCCA^BAg~ThBgNrK[D" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\wuBnvFWQbI\ = "I|]TyUrLi@wGECHEmKUtRohUB}B]hrn" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\cUedLosdjAy\ = "_zT[\\~_DEdiFi\x7fGeg\x7fp[" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3} | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\LocalServer32 | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\dgxab\ = "@_m_cjCUkRahtEJ~_]uOZd" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\BbzkAmfbdc\ = "GYbHOV]d~{nK[bAK~WMRbciGk" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\okIroGnqMXppp\ = "MZaW@Sqbag~Cz" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649} | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\dgxab | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\mtEdjBW\ = "|dM[\\iW\\mHG]JbflGErA\\JDsMK[rsN[" | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\ProgramData\TEMP:8934AEBA | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| File opened for modification | C:\ProgramData\TEMP:8934AEBA | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mf.dwnldro.com/fs/Y2LwSpNg8s
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff84320ab58,0x7ff84320ab68,0x7ff84320ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1496 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2936 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4060 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4396 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4788 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4360 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3276 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3108 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3256 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4268 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4164 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4832 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5004 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4844 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4660 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004E0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\" -spe -an -ai#7zMap9062:166:7zEvent12332
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:2
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\stich.pptx" /ou ""
C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe
"C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\SysWOW64\netsh.exe
C:\Users\Admin\AppData\Local\Temp\BvInputDiag.exe
C:\Users\Admin\AppData\Local\Temp\BvInputDiag.exe
C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe
"C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 484 -ip 484
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 1744
Network
Files