redline | hxxps://www[.]mediafire[.]com/folder/wlb66f3osz1tr/Pengsis+EX

Analysis

max time kernel
222s
max time network
222s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 09:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/wlb66f3osz1tr/Pengsis+EX

Score

10^/10

redline zgrat infostealer rat spyware

Malware Config

Extracted

Family

redline

45.15.156.142:33597

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral1/memory/7908-648-0x0000000000400000-0x000000000048E000-memory.dmp	family_zgrat_v1

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/372-608-0x0000000000600000-0x0000000000652000-memory.dmp	family_redline

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
5660	winrar-x64-700.exe
5132	Injector.exe
8040	Fix.exe
6076	Fix.exe
6168	Injector.exe
4360	Fix.exe

Loads dropped DLL 6 IoCs

pid	Process
5132	Injector.exe
8040	Fix.exe
6440	taskmgr.exe
6076	Fix.exe
6168	Injector.exe
4360	Fix.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious use of SetThreadContext 5 IoCs

description	pid	Process	procid_target
PID 5132 set thread context of 372	5132	Injector.exe	171
PID 8040 set thread context of 7908	8040	Fix.exe	175
PID 6076 set thread context of 3292	6076	Fix.exe	180
PID 6168 set thread context of 1912	6168	Injector.exe	183
PID 4360 set thread context of 7332	4360	Fix.exe	215

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592896429963172"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
116	chrome.exe
116	chrome.exe
5300	chrome.exe
5300	chrome.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
372	MSBuild.exe
372	MSBuild.exe
7908	MSBuild.exe
7908	MSBuild.exe
7908	MSBuild.exe
7908	MSBuild.exe
7908	MSBuild.exe
7908	MSBuild.exe
7908	MSBuild.exe
7908	MSBuild.exe
7908	MSBuild.exe
7908	MSBuild.exe
7908	MSBuild.exe
7908	MSBuild.exe
7908	MSBuild.exe
7908	MSBuild.exe
7908	MSBuild.exe
7908	MSBuild.exe
7908	MSBuild.exe
7908	MSBuild.exe
6440	taskmgr.exe
7908	MSBuild.exe
7908	MSBuild.exe
372	MSBuild.exe
372	MSBuild.exe
372	MSBuild.exe
372	MSBuild.exe
372	MSBuild.exe
372	MSBuild.exe
372	MSBuild.exe
372	MSBuild.exe
372	MSBuild.exe
372	MSBuild.exe
372	MSBuild.exe
372	MSBuild.exe
372	MSBuild.exe
372	MSBuild.exe
372	MSBuild.exe
372	MSBuild.exe
372	MSBuild.exe
372	MSBuild.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5172	7zG.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 44 IoCs

pid	Process
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
7692	chrome.exe
7692	chrome.exe
7692	chrome.exe
7748	chrome.exe
7748	chrome.exe
7748	chrome.exe
7748	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe
6440	taskmgr.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5660	winrar-x64-700.exe
5660	winrar-x64-700.exe
5660	winrar-x64-700.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 2344	116	chrome.exe	82
PID 116 wrote to memory of 2344	116	chrome.exe	82
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 3988	116	chrome.exe	83
PID 116 wrote to memory of 456	116	chrome.exe	84
PID 116 wrote to memory of 456	116	chrome.exe	84
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85
PID 116 wrote to memory of 2016	116	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/folder/wlb66f3osz1tr/Pengsis+EX
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7e24ab58,0x7ffd7e24ab68,0x7ffd7e24ab78
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:2
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:8
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4968 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5012 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5064 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4360 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5092 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5272 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5400 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5792 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:8
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6264 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6600 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6300 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6756 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7084 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7108 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7440 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7456 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7472 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7868 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8008 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8136 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:6216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7116 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:6328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=9144 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:6408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8856 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:6416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8836 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:6424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8564 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:6432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8556 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:6440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9300 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:6448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9456 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:6456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9608 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:6548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8528 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:6804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9888 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:6812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9920 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:6820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10056 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:6828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6020 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:7044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2720 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:8
  2⤵
  PID:7420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:8
  2⤵
  PID:7548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10016 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:8
  2⤵
  PID:6528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9828 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8536 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:8
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8768 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:8
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9468 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:8
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10116 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:8
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8228 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:8
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8720 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:8
  2⤵
  PID:7704
- C:\Users\Admin\Downloads\winrar-x64-700.exe
  "C:\Users\Admin\Downloads\winrar-x64-700.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:8
  2⤵
  PID:7040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=996 --field-trial-handle=1888,i,258453286807894738,17458017679529722465,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5300

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:736

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2268

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\pengisv\" -spe -an -ai#7zMap4591:76:7zEvent18641
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:5172

C:\Users\Admin\Downloads\pengisv\Injector.exe
"C:\Users\Admin\Downloads\pengisv\Injector.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:5132
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:372

C:\Users\Admin\Downloads\pengisv\Fix.exe
"C:\Users\Admin\Downloads\pengisv\Fix.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:8040
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7908

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:6440

C:\Users\Admin\Downloads\pengisv\Fix.exe
"C:\Users\Admin\Downloads\pengisv\Fix.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:6076
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:3292

C:\Users\Admin\Downloads\pengisv\Injector.exe
"C:\Users\Admin\Downloads\pengisv\Injector.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:6168
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:1912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:7692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd7e24ab58,0x7ffd7e24ab68,0x7ffd7e24ab78
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1968,i,18004663970378540613,2816783815640249033,131072 /prefetch:2
  2⤵
  PID:7700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1968,i,18004663970378540613,2816783815640249033,131072 /prefetch:8
  2⤵
  PID:6392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1968,i,18004663970378540613,2816783815640249033,131072 /prefetch:8
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1968,i,18004663970378540613,2816783815640249033,131072 /prefetch:1
  2⤵
  PID:7216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1968,i,18004663970378540613,2816783815640249033,131072 /prefetch:1
  2⤵
  PID:7204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1968,i,18004663970378540613,2816783815640249033,131072 /prefetch:1
  2⤵
  PID:7036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1968,i,18004663970378540613,2816783815640249033,131072 /prefetch:8
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=1968,i,18004663970378540613,2816783815640249033,131072 /prefetch:8
  2⤵
  PID:6052

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:7748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7e24ab58,0x7ffd7e24ab68,0x7ffd7e24ab78
  2⤵
  PID:6940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=2016,i,18207582684997742615,16637426885182518602,131072 /prefetch:2
  2⤵
  PID:7224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=2016,i,18207582684997742615,16637426885182518602,131072 /prefetch:8
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=2016,i,18207582684997742615,16637426885182518602,131072 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=2016,i,18207582684997742615,16637426885182518602,131072 /prefetch:1
  2⤵
  PID:7800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=2016,i,18207582684997742615,16637426885182518602,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3548 --field-trial-handle=2016,i,18207582684997742615,16637426885182518602,131072 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4328 --field-trial-handle=2016,i,18207582684997742615,16637426885182518602,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=2016,i,18207582684997742615,16637426885182518602,131072 /prefetch:8
  2⤵
  PID:7952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=2016,i,18207582684997742615,16637426885182518602,131072 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=2016,i,18207582684997742615,16637426885182518602,131072 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=2016,i,18207582684997742615,16637426885182518602,131072 /prefetch:8
  2⤵
  PID:7864
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:8116
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff726d6ae48,0x7ff726d6ae58,0x7ff726d6ae68
    3⤵
    PID:8128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4836 --field-trial-handle=2016,i,18207582684997742615,16637426885182518602,131072 /prefetch:1
  2⤵
  PID:2020

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:6772

C:\Users\Admin\Downloads\pengisv\Fix.exe
"C:\Users\Admin\Downloads\pengisv\Fix.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:4360
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:7332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d0df793c4e281659228b2837846ace2d

SHA1
ece0a5b1581f86b175ccbc7822483448ec728077

SHA256
4e5ceefae11a45c397cde5c6b725c18d8c63d80d2ce851fa94df1644169eafc9

SHA512
400a81d676e5c1e8e64655536b23dbae0a0dd47dc1e87e202e065903396e6a106770cec238093d748b9c71b5859edf097ffff2e088b5b79d6a449754140a52ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\393f2976-356b-41a7-bd5c-0f71733e5ce1.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
53c523f427177732c0b973f0a44addff

SHA1
d2dec984f289abaae78250a85bd6c93d920117de

SHA256
5df091dbf271365d5c7a0c8c1eeca1e81f7a13cf08e010b3e053ba5e464f03dc

SHA512
64b6e5568c30b7850adcae6882c047ac079dda524e21e089b9b2e8e34c8c2ed3b51d977847c467b0a40f66702527178e136c8b30e023db6508a72b0d2fab60f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
df6712713c7aab7223f6a729827f82e6

SHA1
75f40e08f8c962fcf02158aa58da0c793cfc82da

SHA256
e455f96a4af36236040e7dc93a7f7a7185362110c63147b2bd890ab6b14dc13b

SHA512
607dc9fb015df3fd31eb23b7bad8e08ebfc8e0f6de7c945638dfb5f707d58b45cb9d5199810da8a3fb1de22cc083e59b68655ca200c8c1d6d9acbd2461e89e1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
a52517cb22f4b707c7a97d58073defa8

SHA1
778a8b326079ab5f0f69fa78bfa4aaeff8149ab9

SHA256
d1ce5d4b827c45595306caec18a8cb6f2f94173ebb5fd9d97b88c3a0a2d97c25

SHA512
acb4a0c04993832f94a2ae4e21209ee37f695eaa07bf29857ff0cf06dd7688d356b6dbaaf1e12d6f54bf15ac728b94b0a35833f8a603a40f673a76cfb18d5ca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
c76c9e9a7928e4b2a478680bfa03dc92

SHA1
43c8c7112c5cd17d33331ff3ed4f92e3b54bb4d4

SHA256
c1fd61a17a4a8daa395384143bc211da90a9dbbfecb5c316ee70dd0a20418811

SHA512
9dd7b9d1bb5eb60993d656cd050ba5a432de1dcdbe9f937a6ac61bcb76cc357ffdae885bb67d0c072aa31de5c31fd89e31cfb05fe358fa4d5bbe3a4eccb2d5c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a7c9079199a71abea026621b98b2743c

SHA1
1483d98601a42698cb58404446045ef125f5121a

SHA256
9d65483e87c91281366369d533d1aab91c393103f3283adad5dd8a6adf9d73f3

SHA512
6b9ab900c97ccb03502d51e502d19cce140dab6af8bedf721285cc7e1d6695fcbd19d9b70ecb7f501c0914ccdf65ad0a6acf09ae9346a9eb25ab5c73fa8348ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f92c1d5f-36d6-479c-83be-af002dc2d814.tmp

Filesize
5KB

MD5
3f44ec0cdf4c56e45f8c6838d2c9eccd

SHA1
5d8bca34e9bd2774b1c4f228faa02c5fea7d3cc5

SHA256
0611fcc1144c14853d21871ecdc20a4e72add9ab9a3ed005625c7f5c79dd9a64

SHA512
f69881cf14d84712c44a8ed78b91e9b986e89209ec11326d73d73172834b03fd36044f733beef65594f8240be20968c34fa3338a6067ce6d4ed317ffc77959c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0d48ab2a6ad2f2693a7513d317de0175

SHA1
19405e4d34c292cdc43f81bc9bf01b7aa10506a4

SHA256
77b85eb7e9bdb41ea57dc38016eae4baf179248901b77ffbd63097b640b4bdcc

SHA512
f7bc1c8a895cf2bbb4a2fa4e7bb74e4f11a9eff22aa04207ea34865520de14392ceda1130459b00524496bd2cbb0cb911a9e6a4a6ef3df4f7970e306f0cc4add

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b177da94854f60022c05ac3c19e640aa

SHA1
49b5497f5682eb5d3f76e02b5d2377f34e028b6d

SHA256
73492a8f8897be3ccff4832b48446cffd7b9a1249f5f19172973f557f47cb2af

SHA512
1621e79f3eb8282dca537251aad2eef7a2400506347446cf53fbb3515141719cd1564e07271ac68a46d064228b14aaa5973d0aa84559100f6dd1a925a9576ed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
85b695e6dff7f848283b43fba41fd0c5

SHA1
eb36afebee8e8336b7e61076ddc7a379171404b0

SHA256
6a4a4eeeccd4b7c25a0bc49926fbf591a634a8d4f03c29e97aef7083469eefa7

SHA512
57fb0252d526b5c605e459aa7f188b02835d880ae252e9e0faf16c5881a713aac74edebd1f76433d26cddacebbab7f5385178b77fd560c0915431425d785f20f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
45feee38d8ee2e4b662342697a237a92

SHA1
44ab4fa9a31767a8e195fc45b7cc2241fb65cb36

SHA256
9cb4310d6827bf2b02cfa342644bdffc6ae272a069db68c63a7ab4833e84334b

SHA512
06e49f1c7a5b254c4ec4c489f05e1ee883974766e6ac9a16979de4369351873c9244511749e5daeecd7332a475baddfd70cb76406007798ea1322f7ff4384c99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
345bd51512fc8bac7f3ba56d3d7be031

SHA1
f51a59dea5ecb4b9fbd021ee8394b96d2798bcd8

SHA256
bc83babfa1ee3850c91d0d22ee1171e5c29fc48063f7cf94b6c8d3f331de6747

SHA512
395a4e7cfa8e087b5f80a741ef6ca450ede567d3dc54801b45a264be81f8e25b14d6d84d43cb1e0744b6e71001e4453b8be04621ce948075174e94cd2ca7f8ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
331ece16ea69447dd6921609aa39d8f7

SHA1
f7fc9ca7402ea62cdec90e43a19f32da04aef923

SHA256
0f9ffe9a61569a958e74ea081a370a1a754cb154e93ffbb28d4c7ae29d19e308

SHA512
5a356c4e92d8892b7b3198d3808d8e2896939dfa1c43b766e35918799bfa79a2509ad1a13e9c07a33fcf296fbcc8684780611e4896b8f868243b725c6eda8a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e39b92d1c8222185d04db04207777686

SHA1
5268f804fc5d0c9b2a2b98cb8b877e531ea7df5a

SHA256
3f0b8af25163f45f1693e22acb3670c5a10527be718b755cd8057671b088f693

SHA512
cd00c46a84a7e64010731f608917b8394640d9b83aaf5941781c9127a18a5d6e0c0b916e896674c389c6d04fbc15d753eeb11e0b9dbbaae84a513d723f8fa1cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
24683a2346ed329707ea3088c63869d5

SHA1
9e289aec1e1e389b0b09b1facbde4a263d5533c4

SHA256
f4e8ba776b17ebdad4ff2106c65889b5673ae2119293cd7121946a6c6a2ad653

SHA512
28927c164e8e3d5dcdc4192bb9a99dcc4c46976fc449c1c44c67a419b72017239b44a93af505ad027977b4c3bab0632628e2da17703ee325785ce1b5c240f1e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
9b49654d9cda8f848bebf1ec27b6128a

SHA1
cdae0546b7fa5d37f2d16d61f0790926620cc18f

SHA256
d9c503bb3a64cbb38aa03eab07af9ce415c81eeba1f49e9827d091b905561b8b

SHA512
43ec32528b420442e8594d8a524ae3699a0efd33f70ebaa3325be1b5c7fa54cb26a615d8202484f624e24541d083b95f573a6733b8dd2ba87dc281a8a822c223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
9fc92a60a5d80fdc5575807403450744

SHA1
819e47ff835c2d6a4babbeeeafb3e2d846a204dc

SHA256
d6ac742f4d1ba6a9869239016b5f265ebbbfe0dcefef0863ff7813ded3fc111b

SHA512
c0338395336aefdc8acd276ae135b5504145af23f59e6ddd37cf16adaa8bee75016c6c5750f33bf9b59176fd9271adaed3d000ff8624e3ec70a12c9336f8e1f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
0cd813cdc6c23af18c549202bf1c1f5d

SHA1
56b6baf342f7f4cb1873341203f1f66f87b74129

SHA256
d836fdf686b1ad628dc27cdf59521fa90bc372318fd76666ee54b76caa8268f4

SHA512
620393866aced5d375338b2e9f142d86df3520ee850adbbdbd0c06e55ad7481ae1d8a17d3a45353de013e07fd82cc4fd0486bc168620115a1ab0930f82b83e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
6e658c2c1e101ec8829e73e4dd2ca4bc

SHA1
3e1e9bd1c2163e3d73a1d19baed64f4e5010536b

SHA256
b3e586f9577bf8241b4a3a0dd4a2e22c31bd8682448aa50afa6661aa9c8d99b0

SHA512
18baf97b48bd093a80920314d413d00217312e9d5c705ee1ae800ea93d33d6d974292c765199f034976fe67df1be9542e15f2752b40d0d723e0ed2c77e3ed041

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
0ee272252d69477402fb85c19dbe390b

SHA1
9773c0e93ddfe83bf09555c303e06ef7e7918362

SHA256
176c10effaf67c371aeebdc55a8bc0204bcaa33b83139e07b982242cbf756a29

SHA512
2636d1323b288b440cc44483f0a5d1f59aaf8ff2af319161681db8121daae06999d6e3666b7abb0da676152c7a8efaceeebd88e07b38a89f7bc8bcbb84cddaa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
96KB

MD5
ebfd6761cc52c5a37ddda80eebf41e89

SHA1
93dad55b4b5d0e595f2078632dbc7b9ade021d9f

SHA256
5bc7a25465d3d3f27f9ff14d8499d22c6ab5803b5eac3ad35ae278e59bf2c8e2

SHA512
fc09228def2c8eceb889f1c4b4ed34c11e0831319ee76e5bedcdeb44126236e0a34161992e5893aa3cf564687e2f2b5b4199c1bbe69222630c8f8017505852f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c4c7.TMP

Filesize
91KB

MD5
74b558713da227fe66cd2bc9f69d914d

SHA1
095fe79fc4ddca6fa183956b1113d7d80bf37773

SHA256
ecbb5eae3783e4d459a0dbbd3d6140edf556f8fb3fecbf332cb1a94edd209ec4

SHA512
2417fe42ca73041583db2ff7800110f525c66e987a10bc5200044a1e309b7f7155777aaad6a9ae14b524eceb2331dfd8d151b6aab45d25a8686f509ac26a7ddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f8286c2b-18b5-4c93-8ab2-910a38c63634.tmp

Filesize
104KB

MD5
181e8737770fcffb8167cfb4e53eeace

SHA1
560bc4d3a549f6ad2735fe68acc20e436292a30c

SHA256
618a32ee32681d1e920f30984381eeedc57f92ca44ce8e53e6c356d206f020f4

SHA512
97febc691ac52d8cb2b4ee8964c5e64ecbfd2b6af125f0973a5465286a2aeb516a7709f3f32f6fdc1ba8f4918551d00921c6d28eb5893cdc1aa8e1d3ee178a0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp70F0.tmp

Filesize
2KB

MD5
1420d30f964eac2c85b2ccfe968eebce

SHA1
bdf9a6876578a3e38079c4f8cf5d6c79687ad750

SHA256
f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9

SHA512
6fcb6ce148e1e246d6805502d4914595957061946751656567a5013d96033dd1769a22a87c45821e7542cde533450e41182cee898cd2ccf911c91bc4822371a8

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9.dll

Filesize
646KB

MD5
04f9bf6f698fb3eed33d0ef486fbb69e

SHA1
279fdbcf3766291660a3ecb33808bbecdccbb47d

SHA256
a6e05196958d3efd2832981b1c3c9296483e0dd57cf8d8c58c037387aad84d90

SHA512
cb4732beadce2dfd7c4571234546d06b1661a69571692a23c8886695c503e89d8d96c4dd0ca3c0cd2819cff9038a505068c592df4161f8d81ea10816e92a4fbe

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9.dll

Filesize
398KB

MD5
d41be18655a4f765427c019a2b7eb524

SHA1
dffbae6cabdab10598a780690fc2a9efa96a95a9

SHA256
b82d7fc0a1f94b1aa8868a47f84067ffa3af51eca367333fa20dea98a2393d06

SHA512
2543d6e011db673757872b1a8f50838ca61c95f6ef2272fdac77fdf43d6b6021b64363345afcb1471fff1888994ce2da09353a14debd6e5446bf593045c49d52

Download Submit
C:\Users\Admin\Downloads\pengisv.rar

Filesize
15.3MB

MD5
359417d467d94497a042e95f6128344c

SHA1
1e8f10e20b79a67a05f650cf17593beb114d7417

SHA256
a1b44d584fc7165940b0d4a2e7f38e8854d82d7c08abd22495619b7b05c3aed4

SHA512
bcfa2e735fa5c1d68adc416545777d9cdac26a051ed814b9c5b49c0dd4bc8af02c038bdaf4b72ec65321b054bfaff5608222559cdf827ea144efe96dfb893a73

Download Submit
C:\Users\Admin\Downloads\start (1).html

Filesize
27KB

MD5
40564d685c83672d4d3a849a24a1787d

SHA1
e0e6ee9dba9833266f315314c638c0044981a0fe

SHA256
13d1eeee6b656cdcfc0bfcf3fbd5b0ed28938ed70d8fb0ef6cc13c7382c9381b

SHA512
6aa6317e457181f13a313f439795f283ee31353f7df8a704cd74202e24a1ff56eded8c8619745ede4fce8a328e82568c4b2361ae7e5ee9a6da2b49a6b81f3f02

Download Submit
C:\Users\Admin\Downloads\winrar-x64-700.exe

Filesize
3.8MB

MD5
48deabfacb5c8e88b81c7165ed4e3b0b

SHA1
de3dab0e9258f9ff3c93ab6738818c6ec399e6a4

SHA256
ff309d1430fc97fccaa9cb82ddf3d23ce9afdf62dcf8c69512de40820df15e24

SHA512
d1d30f6267349bb23334f72376fe3384ac14d202bc8e12c16773231f5f4a3f02b76563f05b11d89d5ef6c05d4acaacc79f72f1d617ee6d1b6eddab2b866426af

Download Submit
memory/372-637-0x0000000006310000-0x000000000635C000-memory.dmp

Filesize
304KB

Download
memory/372-634-0x0000000006200000-0x000000000630A000-memory.dmp

Filesize
1.0MB

Download
memory/372-608-0x0000000000600000-0x0000000000652000-memory.dmp

Filesize
328KB

Download
memory/372-610-0x00000000050A0000-0x0000000005644000-memory.dmp

Filesize
5.6MB

Download
memory/372-650-0x0000000006450000-0x00000000064B6000-memory.dmp

Filesize
408KB

Download
memory/372-611-0x0000000004B90000-0x0000000004C22000-memory.dmp

Filesize
584KB

Download
memory/372-612-0x0000000004B50000-0x0000000004B5A000-memory.dmp

Filesize
40KB

Download
memory/372-629-0x00000000059D0000-0x0000000005A46000-memory.dmp

Filesize
472KB

Download
memory/372-630-0x0000000006070000-0x000000000608E000-memory.dmp

Filesize
120KB

Download
memory/372-633-0x00000000066B0000-0x0000000006CC8000-memory.dmp

Filesize
6.1MB

Download
memory/372-635-0x0000000006140000-0x0000000006152000-memory.dmp

Filesize
72KB

Download
memory/372-636-0x00000000061A0000-0x00000000061DC000-memory.dmp

Filesize
240KB

Download
memory/372-666-0x0000000006FD0000-0x0000000007020000-memory.dmp

Filesize
320KB

Download
memory/1912-701-0x0000000006D50000-0x0000000006D9C000-memory.dmp

Filesize
304KB

Download
memory/3292-678-0x0000000007DF0000-0x0000000007E3C000-memory.dmp

Filesize
304KB

Download
memory/5132-602-0x0000000000D30000-0x0000000000DF6000-memory.dmp

Filesize
792KB

Download
memory/6440-651-0x00000267C7010000-0x00000267C7011000-memory.dmp

Filesize
4KB

Download
memory/6440-665-0x00000267C7010000-0x00000267C7011000-memory.dmp

Filesize
4KB

Download
memory/6440-660-0x00000267C7010000-0x00000267C7011000-memory.dmp

Filesize
4KB

Download
memory/6440-662-0x00000267C7010000-0x00000267C7011000-memory.dmp

Filesize
4KB

Download
memory/6440-663-0x00000267C7010000-0x00000267C7011000-memory.dmp

Filesize
4KB

Download
memory/6440-664-0x00000267C7010000-0x00000267C7011000-memory.dmp

Filesize
4KB

Download
memory/6440-653-0x00000267C7010000-0x00000267C7011000-memory.dmp

Filesize
4KB

Download
memory/6440-652-0x00000267C7010000-0x00000267C7011000-memory.dmp

Filesize
4KB

Download
memory/6440-659-0x00000267C7010000-0x00000267C7011000-memory.dmp

Filesize
4KB

Download
memory/6440-661-0x00000267C7010000-0x00000267C7011000-memory.dmp

Filesize
4KB

Download
memory/7908-669-0x0000000009E40000-0x000000000A36C000-memory.dmp

Filesize
5.2MB

Download
memory/7908-648-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/7908-668-0x0000000009740000-0x0000000009902000-memory.dmp

Filesize
1.8MB

Download
memory/8040-641-0x0000000004A60000-0x0000000004A66000-memory.dmp

Filesize
24KB

Download
memory/8040-640-0x0000000000180000-0x0000000000236000-memory.dmp

Filesize
728KB

Download