Analysis Overview
SHA256
ea6e16021eed02ec0cc883299f56a2768e3900b5246b1c91b776d05432019fa8
Threat Level: Likely malicious
The file 685c6aff44c0d4bf74e109573e7c8ab9~c5_720x720.jpeg was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
ASPack v2.12-2.42
Drops file in System32 directory
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Kills process with taskkill
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-05-09 23:58 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-05-09 23:58 |
| Reported | 2024-05-10 00:08 |
| Platform | win7-20231129-en |
| Max time kernel | 243s |
| Max time network | 523s |
| Command Line | N/A |
Signatures
Downloads MZ/PE file
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\taskschd.msc | C:\Windows\system32\mmc.exe | N/A |
| File opened for modification | C:\Windows\system32\taskschd.msc | C:\Windows\system32\mmc.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target | Count |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A | 32 |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A | 32 |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\685c6aff44c0d4bf74e109573e7c8ab9~c5_720x720.jpg
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
dw20.exe -x -s 1084
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5229758,0x7fef5229768,0x7fef5229778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1512 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1484 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3272 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3224 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3652 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3832 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3848 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2556 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1852 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe"
C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://softonic.com/
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:275457 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3192 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2308 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:603146 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2748 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2472 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Users\Admin\Downloads\fastvd_bc.exe
"C:\Users\Admin\Downloads\fastvd_bc.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\is-QT6G4.tmp\fastvd_bc.tmp
"C:\Users\Admin\AppData\Local\Temp\is-QT6G4.tmp\fastvd_bc.tmp" /SL5="$701C6,2374885,175104,C:\Users\Admin\Downloads\fastvd_bc.exe"
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im FastVD.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:275476 /prefetch:2
C:\Program Files (x86)\FastPCTools\Fast VD\FastVD.exe
"C:\Program Files (x86)\FastPCTools\Fast VD\FastVD.exe" setupinstalled
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:734222 /prefetch:2
C:\Program Files (x86)\FastPCTools\Fast VD\FastVD.exe
"C:\Program Files (x86)\FastPCTools\Fast VD\FastVD.exe" takeaction ZmZtcGVnRC43eioxP3ZpZGVvaGVscGVyRC43eioxP3ZjcmVkaXN0X3g4NkQuN3oqMw==
C:\Program Files (x86)\FastPCTools\Fast VD\vcredist_x86.exe
"C:\Program Files (x86)\FastPCTools\Fast VD\vcredist_x86.exe" /q /repair
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
\??\f:\e73fc675584278f0678573e1fb0b3a4d\Setup.exe
f:\e73fc675584278f0678573e1fb0b3a4d\Setup.exe /q /repair
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1912 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1728 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=540 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3916 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3872 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8
C:\Users\Admin\Downloads\smpro_dm.exe
"C:\Users\Admin\Downloads\smpro_dm.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Users\Admin\AppData\Local\Temp\iolowupd\SystemMechanicProInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\iolowupd\SystemMechanicProInstaller.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:1586198 /prefetch:2
C:\ProgramData\iolo technologies\googlecriteriachecker.exe
"C:\ProgramData\iolo technologies\googlecriteriachecker.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:209982 /prefetch:2
C:\Program Files\iolo technologies\System Mechanic\WPF_Driver\release\win32\nfregdrv.exe
"C:\Program Files\iolo technologies\System Mechanic\WPF_Driver\release\win32\nfregdrv.exe" pgfilter
C:\Program Files\iolo technologies\System Mechanic\toolkit.exe
"C:\Program Files\iolo technologies\System Mechanic\toolkit.exe" /regserver
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:1455151 /prefetch:2
C:\Windows\system32\schtasks.exe
"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ioloActiveCare" /ENABLE
C:\Windows\system32\schtasks.exe
"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ioloAVDefsDownloader" /ENABLE
C:\Windows\system32\schtasks.exe
"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ioloSystemShield" /ENABLE
C:\Windows\system32\schtasks.exe
"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ioloTUDsDownloader" /ENABLE
C:\Windows\system32\schtasks.exe
"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ActiveMessenger-PrivacyGuardian" /ENABLE
C:\Windows\system32\schtasks.exe
"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ActiveMessenger-SystemMechanic" /ENABLE
C:\Windows\system32\schtasks.exe
"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ActiveReporter-Phoenix360" /ENABLE
C:\Windows\system32\schtasks.exe
"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ActiveReporter-PrivacyGuardian" /ENABLE
C:\Windows\system32\schtasks.exe
"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ActiveReporter-SystemMechanic" /ENABLE
C:\Windows\system32\schtasks.exe
"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ActiveSync-Phoenix360" /ENABLE
C:\Windows\system32\schtasks.exe
"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ActiveSync-PrivacyGuardian" /ENABLE
C:\Windows\system32\schtasks.exe
"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ActiveSync-SystemMechanic" /ENABLE
C:\Windows\system32\netsh.exe
"netsh" winsock reset
C:\Windows\system32\netsh.exe
"netsh" int ip reset c:\resetlog.txt
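The process listing above is what a triage analyst pivots on. The following Python is an added example, not part of the report or of the sandbox's own tooling: it parses the listing's image-path / command-line pairs (an excerpt of the lines above is embedded as the sample input) and applies a small rule set that mirrors several of the signatures in this report (taskkill /f /im, schtasks /change with /ENABLE, netsh reset, rundll32 loading a DLL export, the MMC Task Scheduler console, executables started from Downloads or %TEMP%, and the repeated MEMZ.exe /watchdog instances). The rule names, the watchdog threshold and the ATT&CK IDs in the comments are this example's assumptions. One caveat the listing itself supports: the submitted sample is opened by rundll32 through PhotoViewer.dll, while MEMZ.exe, fastvd_bc.exe and smpro_dm.exe run from the user's Downloads folder; the report shows no parent-child relationships, so on its own it does not establish that the JPEG launched them.

```python
"""Triage rules for a sandbox 'Processes' listing (added example).

Not part of the report or the sandbox vendor's tooling. The sample input
below is an excerpt of the image-path / command-line pairs shown above;
the rule names, thresholds and ATT&CK IDs are assumptions of this example.
"""
import re
from collections import Counter

# Excerpt of the report's Processes section: image path, then command line.
REPORT_PROCESSES = r'''
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\685c6aff44c0d4bf74e109573e7c8ab9~c5_720x720.jpg
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
dw20.exe -x -s 1084
C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe"
C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe" /main
C:\Users\Admin\AppData\Local\Temp\is-QT6G4.tmp\fastvd_bc.tmp
"C:\Users\Admin\AppData\Local\Temp\is-QT6G4.tmp\fastvd_bc.tmp" /SL5="$701C6,2374885,175104,C:\Users\Admin\Downloads\fastvd_bc.exe"
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im FastVD.exe
C:\Windows\system32\schtasks.exe
"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ioloActiveCare" /ENABLE
C:\Windows\system32\netsh.exe
"netsh" winsock reset
C:\Windows\system32\netsh.exe
"netsh" int ip reset c:\resetlog.txt
'''

# Path fragments treated as user-writable staging locations (assumption).
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\")


def parse_process_list(text):
    """Return (image_path, command_line) pairs from the two-line-per-process listing."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("listing must contain image/command-line pairs")
    return list(zip(lines[0::2], lines[1::2]))


def tokens(cmdline):
    """Windows-style split: a quoted argument stays one token, quotes are dropped."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def classify(image, cmdline):
    """Rules for a single process; returns the list of rule names that fired."""
    name = image.rsplit("\\", 1)[-1].lower()
    args = [t.lower() for t in tokens(cmdline)[1:]]
    hits = []
    if name == "taskkill.exe" and "/f" in args and "/im" in args:
        hits.append("forced process kill (taskkill /f /im)")
    if name == "schtasks.exe" and "/change" in args and "/enable" in args:
        hits.append("scheduled task enabled via schtasks /change (T1053.005)")
    if name == "netsh.exe" and "reset" in args:
        hits.append("network stack reset via netsh")
    if name == "mmc.exe" and any(a.endswith("taskschd.msc") for a in args):
        hits.append("Task Scheduler console opened (taskschd.msc)")
    if name == "rundll32.exe" and any(a.endswith(".dll") for a in args):
        hits.append("rundll32 invoking a DLL export (T1218.011)")
    if name == "dw20.exe":
        # .NET error-reporting shim: some process crashed; which one is not shown.
        hits.append("error-reporting shim launched (crash in the session)")
    if any(p in image.lower() for p in USER_WRITABLE):
        hits.append("executable launched from a user-writable path")
    return hits


def triage(text, watchdog_threshold=2):
    """Run classify() over the listing and add the cross-process watchdog rule."""
    procs = parse_process_list(text)
    findings = [
        {"image": img, "rule": rule, "cmdline": cl}
        for img, cl in procs
        for rule in classify(img, cl)
    ]
    # Same image started repeatedly with a /watchdog switch: self-respawning guard copies.
    watchdogs = Counter(
        img for img, cl in procs if "/watchdog" in [t.lower() for t in tokens(cl)[1:]]
    )
    for img, n in watchdogs.items():
        if n >= watchdog_threshold:
            findings.append({"image": img, "rule": f"self-respawning watchdog copies ({n})", "cmdline": ""})
    return findings


if __name__ == "__main__":
    for f in triage(REPORT_PROCESSES):
        print(f"{f['rule']:<58} {f['image']}")
```

Run it as a script to print one line per finding; feed it the full Processes section to see the twelve schtasks /change lines and both netsh resets fire. The rules key on the image name rather than on the command-line's first token because the listing shows the two can disagree (taskkill.exe and notepad.exe are listed under SysWOW64 while their command lines say System32).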
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| GB | 172.217.16.238:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.179.227:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.201.118:443 | i.ytimg.com | tcp |
| GB | 216.58.201.118:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.201.118:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 172.217.169.42:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.42:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 8.8.8.8:53 | polyfill.archive.org | udp |
| US | 207.241.239.241:443 | polyfill.archive.org | tcp |
| US | 8.8.8.8:53 | analytics.archive.org | udp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 8.8.8.8:53 | ia803405.us.archive.org | udp |
| US | 207.241.232.195:443 | ia803405.us.archive.org | tcp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 199.232.213.91:80 | softonic.com | tcp |
| US | 199.232.213.91:80 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| BE | 88.221.83.219:80 | www.bing.com | tcp |
| BE | 88.221.83.219:80 | www.bing.com | tcp |
| US | 8.8.8.8:53 | archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.232.195:443 | ia803405.us.archive.org | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.200.4:443 | google.co.ck | tcp |
| GB | 142.250.200.4:443 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.fastytd.com | udp |
| US | 8.8.8.8:53 | www.fastytd.com | udp |
| US | 104.21.31.160:443 | www.fastytd.com | tcp |
| US | 104.21.31.160:443 | www.fastytd.com | tcp |
| US | 8.8.8.8:53 | www.fastpctools.com | udp |
| US | 172.67.180.12:443 | www.fastpctools.com | tcp |
| US | 8.8.8.8:53 | fastytd.com | udp |
| US | 172.67.178.68:80 | fastytd.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | google.co.ck | tcp |
| GB | 142.250.200.4:443 | google.co.ck | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 172.67.180.12:443 | www.fastpctools.com | tcp |
| US | 172.67.180.12:443 | www.fastpctools.com | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 104.22.75.171:443 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 172.67.8.141:443 | whos.amung.us | tcp |
| US | 172.67.178.68:443 | fastytd.com | tcp |
| US | 8.8.8.8:53 | fastpctools.com | udp |
| US | 104.21.96.119:443 | fastpctools.com | tcp |
| US | 104.21.96.119:80 | fastpctools.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| US | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.232.195:443 | ia803405.us.archive.org | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | svc.iolo.com | udp |
| US | 20.157.87.45:80 | svc.iolo.com | tcp |
| US | 8.8.8.8:53 | download.iolo.net | udp |
| FR | 185.93.2.245:80 | download.iolo.net | tcp |
| FR | 185.93.2.245:80 | download.iolo.net | tcp |
| US | 8.8.8.8:53 | download.iolo.net | udp |
| FR | 185.93.2.251:80 | download.iolo.net | tcp |
| GB | 142.250.200.4:443 | google.co.ck | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | api.playanext.com | udp |
| GB | 18.245.187.59:80 | api.playanext.com | tcp |
| GB | 142.250.200.4:443 | google.co.ck | tcp |
| GB | 142.250.200.4:443 | google.co.ck | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | google.co.ck | tcp |
| GB | 142.250.200.4:443 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | google.co.ck | tcp |
| GB | 142.250.200.4:443 | google.co.ck | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 8.8.8.8:53 | www.iolo.com | udp |
| IE | 52.31.93.31:443 | www.iolo.com | tcp |
| GB | 142.250.200.4:443 | google.co.ck | tcp |
| GB | 142.250.200.4:443 | google.co.ck | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
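The Network table above lists one row per DNS query or connection, so the same host appears many times. The following Python is an added example, not part of the report: it parses an excerpt of the table (copied as printed, including the mDNS row whose cells are shifted into the wrong columns) into per-domain endpoint sets and pulls out hosts contacted over plaintext HTTP on port 80 (in the full table these include download.iolo.net, svc.iolo.com, api.playanext.com, fastytd.com and softonic.com; a file fetched over HTTP has no transport-level integrity protection, so any downloaded payload relies on its own signature check), UDP/443 flows (QUIC from Chrome rather than stray UDP), and domains that were resolved but never connected to. The grouping rules and names are assumptions of this example.

```python
"""Pivot over a sandbox 'Network' table (added example).

Not part of the report or the sandbox vendor's tooling. The embedded rows
are an excerpt of the table above, including the mDNS row whose cells are
shifted on the page; the grouping rules below are this example's own.
"""
from collections import defaultdict

# Excerpt of the report's Network table, copied as printed (one row has shifted cells).
NETWORK_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 199.232.213.91:80 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 8.8.8.8:53 | download.iolo.net | udp |
| FR | 185.93.2.245:80 | download.iolo.net | tcp |
| FR | 185.93.2.251:80 | download.iolo.net | tcp |
| US | 8.8.8.8:53 | api.playanext.com | udp |
| GB | 18.245.187.59:80 | api.playanext.com | tcp |
| US | 8.8.8.8:53 | www.fastpctools.com | udp |
| US | 172.67.180.12:443 | www.fastpctools.com | tcp |
"""

DNS_PORT = 53


def parse_network_table(text):
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        # The page prints the mDNS row with an empty Domain cell, so the
        # protocol lands in the Domain column; put the cells back in place.
        if proto == "" and domain in ("tcp", "udp"):
            domain, proto = "N/A", domain
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def summarize(rows):
    """Group connections by domain and pull out the things worth a second look."""
    endpoints = defaultdict(set)   # domain -> {"ip:port/proto"}
    resolved = set()               # domains seen in DNS queries
    for r in rows:
        if r["port"] == DNS_PORT:
            resolved.add(r["domain"])
            continue
        endpoints[r["domain"]].add(f'{r["ip"]}:{r["port"]}/{r["proto"]}')
    plaintext_http = sorted(d for d, eps in endpoints.items()
                            if any(e.endswith(":80/tcp") for e in eps))
    quic = sorted(d for d, eps in endpoints.items()
                  if any(e.endswith(":443/udp") for e in eps))
    return {
        "endpoints": {d: sorted(eps) for d, eps in endpoints.items()},
        "plaintext_http": plaintext_http,               # unencrypted HTTP hosts
        "quic": quic,                                    # UDP/443 is QUIC, not a stray flow
        "dns_only": sorted(resolved - set(endpoints)),   # resolved, never connected
    }


if __name__ == "__main__":
    summary = summarize(parse_network_table(NETWORK_TABLE))
    for key in ("plaintext_http", "quic", "dns_only"):
        print(f"{key}: {summary[key]}")
    for domain, eps in summary["endpoints"].items():
        print(f"{domain}: {', '.join(eps)}")
```

The per-domain endpoint sets double as a deduplicated ip:port indicator list; on the full table the eight consecutive softonic.com rows collapse to two endpoints, and the 8.8.8.8:53 rows drop out entirely because the sandbox's resolver is not an indicator.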
Files
memory/1652-0-0x0000000001DF0000-0x0000000001DF1000-memory.dmp
memory/2804-1-0x0000000002130000-0x0000000002131000-memory.dmp
memory/2804-2-0x000007FEF445E000-0x000007FEF445F000-memory.dmp
memory/2804-3-0x0000000002770000-0x000000000278E000-memory.dmp
memory/2804-4-0x000007FEF41A0000-0x000007FEF4B3D000-memory.dmp
memory/2804-5-0x000007FEF41A0000-0x000007FEF4B3D000-memory.dmp
memory/2804-6-0x000000001D3B0000-0x000000001D6F6000-memory.dmp
memory/2804-7-0x000007FEF41A0000-0x000007FEF4B3D000-memory.dmp
memory/2804-8-0x000007FEF41A0000-0x000007FEF4B3D000-memory.dmp
memory/2804-9-0x000007FEF41A0000-0x000007FEF4B3D000-memory.dmp
memory/2804-10-0x000007FEF41A0000-0x000007FEF4B3D000-memory.dmp
memory/2804-11-0x000007FEF41A0000-0x000007FEF4B3D000-memory.dmp
memory/2804-12-0x000007FEF41A0000-0x000007FEF4B3D000-memory.dmp
memory/2804-13-0x000007FEF41A0000-0x000007FEF4B3D000-memory.dmp
memory/2804-14-0x000007FEF41A0000-0x000007FEF4B3D000-memory.dmp
memory/1584-15-0x0000000002850000-0x000000000286E000-memory.dmp
memory/1584-16-0x000000001D360000-0x000000001D6A6000-memory.dmp
\??\pipe\crashpad_2424_ZHDWWJDPTZFNWLKA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dd519bd57a2da6d45e89f46f83dff8dc |
| SHA1 | 6e10f3fd0e5d8797a9c109a191542c192e787835 |
| SHA256 | d8d479a896424f97bc420b65ca03bb485e7cf0592b194e319112ffec72a15f45 |
| SHA512 | 62fc52278fd3ea5292342fd2a8d066dd26867fb376bd787af1189fe52e5abd12b015ed42ae47a08e1a929e692b20666e0558dd2ac2bf535632176963b71f149d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf796b12.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 46c987543f7fe02c7ca665590c476322 |
| SHA1 | 46f46ba4f9e644938b306ae3f06bc25dceb07356 |
| SHA256 | b21482baf2ef8b05841e40bf7745d8a966aecfbf8d30e50a3430a7965c74ee38 |
| SHA512 | 804431ce405767a38cf71771540be75b7b1917f49f212559accef34e9cc2b909c3c208bc011671b2e9420192267ea2596b3b32d5d55814f26265ce0bcaf72eaf |
C:\Users\Admin\AppData\Local\Temp\Tar761F.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1f63bbfcb3894675cbb38e67b374f026 |
| SHA1 | 546b6d983e56de987007d0860a5154cd0027f681 |
| SHA256 | 5b3b152b7b8cb5695eaa6e09fd96e3be54e193edfb9e3491b4e1dc14f16fdee0 |
| SHA512 | 65a17dea0c014a42f841321efdc5ab810331cd455747b7916b5c08f49f84b2646c88246ad75295b2955024d5f13bbdb18df452ea3219deb6b97c749277447ded |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c54d5990124234c8ea7e49e146225761 |
| SHA1 | cd640a37e67b36583be290d91804dc2c1e533e3d |
| SHA256 | 3753be9d7a6e1a604a731097c8a6f012bd4df59fe0cd4952822c17188f790e7f |
| SHA512 | 367c13234ebe4e6f1548103dd3b6ded0571cbeb2e5903377ad0796852e816ad76686a588359cd07138871181efaf0679bff6cec6d1c9bb564f21c687eeba3474 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
| MD5 | 6e52a644708109836adae5b691622755 |
| SHA1 | fa6729b150828dba23c6cadd92c6b524529ccb9e |
| SHA256 | 9584d23dd0aed936a7ebb26fa2c9683d6f2290978cd080768924ec4a9202db9e |
| SHA512 | 6f8dfb1240cc28056181eaaccb156801493867a919f7c9ae386dd971eb08525d82876fedcdedb387bc7b42bae5896d0868c4ff813bb0e8db9f8fb98811d5dbbb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 56a5018babdc1603efb49a007ec7c579 |
| SHA1 | d0996a70fdd4b0bb7779f4703798f4240562278a |
| SHA256 | 2f69ae023d67ede3f75a7adf95381765a9e61eb53b4c17820f3e24deb5b305d6 |
| SHA512 | b9f5d87707fc4d426838310f51b8a1df1b6af4da0c963afa2f0ab3f303efedc5d3b290a70b0c159a2bfd29af34e75ee12eb1138347992c690ffead6231c7fdb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFf79c8ea.TMP
| MD5 | e3b380a21bf6b63dcfe87981e0bc4a2c |
| SHA1 | c7f84d9991cc1c1ca190cfa3a6715ac8cc4591e0 |
| SHA256 | 30da8c6d1f4ddea54b4c20decbca22a6785d59b0f0d5d85cf3d5d341ea9c02f8 |
| SHA512 | cb6ae7075076e8925a9587f96e4185b7bec408964590a22c2dcc666aa7e7fa0456160ccc442fd7a5e9d2b9302c7162130354062b6cf45f0d030029da865acbb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4534583e9dcaac327a5557bf15cdd1c2 |
| SHA1 | a617f3e15938070beab7f341ba03a59ae98a1dcd |
| SHA256 | e9c7968701d3cb7bcb6d95c61543dfe7fd4315f873cdc88c89d01b07a1cf60c5 |
| SHA512 | 40c8bc3d44b483a76331508abd02c00ecddfd4fe59a6f1a0e40fcd4630a116c5ab73a5a9edeb43acb664025350c6b05edd1b55a30e0c171f6451fdda98e52903 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3e59de4ce139065a299c569bd3b63b1f |
| SHA1 | e62a9e05f4e2157dc86f377823502eb1cdde4d05 |
| SHA256 | 54ec04672f75f185af62c966caebb9fa65184c3233562f8066374e9a5d433578 |
| SHA512 | e3eb4af6ba33ccf04c31fdb15f1b8f5ded0915e53bc7938db41fb3befc00e29ea6ed00e82561aaa17e6fa56db05604544469cd52afdc2be6bbbf4d09326975d2 |
C:\note.txt
| MD5 | afa6955439b8d516721231029fb9ca1b |
| SHA1 | 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9 |
| SHA256 | 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270 |
| SHA512 | 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a48e8f973c775982768e8f3d963a0dee |
| SHA1 | f0e66bde0f27f60189207c194eba25fa0c0a1513 |
| SHA256 | de1173b025fd976d15a7cea27cee2fb797defa5f6a1cb2b0d9fb631b36c97589 |
| SHA512 | fbc4dec46064282fa9479e588fa83a044645082d161917f7f56db9c29bff087c787a955a099cdb9555e72029609e1ecd6daf8bc98c5f950cd482174477a347f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef979588ffc4301d16ef6328799a27c2 |
| SHA1 | c9b9b7c51a393b8910d013e88203752b9cfd872a |
| SHA256 | b698c699149f3a465c409c3f67de5a35858e6485ad21b3fbb1b4d1f097184f2a |
| SHA512 | 2a203a8f94bc96b68423a42f9afd669a6e7500d013b2929a4967473a5964902d3199254b5c1f2b78e128ac98cf138cdabe6353bb61341565e50d25ea8a6d67e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67d94b59171b04dac206a9066f301147 |
| SHA1 | 5fb5462ac6a3bf32aa65d2753f39d5f56c3d7e15 |
| SHA256 | 086b2c13ee03ba1f59b574202120edabf2ffabab378e836aa1c6c8131335763a |
| SHA512 | a1de7ab5d5686729f1fc8df2e9da58ec45f22b3b5056a0406430a27f0b2c0fed97b5c5bdd612d2568481513a86546583cd295c2f42c203839b0fdd7ea8c15c20 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 73c24f4de6daf3c19c39fae17d08cd48 |
| SHA1 | 47d6436c6d4b618e4013f20f2a2bd76ae5e14ede |
| SHA256 | 84b9c011d315ff399a4b5470fc3a530ae4e58b86b137a0f267fa28fd47bea4f6 |
| SHA512 | 671a7bcfbed84529d09a0e25c8873ba121e735932cec40a6042055e80771efba472a066282d9bf5b5f5a1935531e58458590e29a0844763d6cb8a3e8c152dd76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | b4c4db9fe9b7f830ec1c7c2aada6b514 |
| SHA1 | d1b63aa722cf236c7025f99a7915d09de90171ae |
| SHA256 | 159213c40a8c3c2ee9adc45ba9e0953ec571acb24f4eb4c86d3b9c728a2e19bf |
| SHA512 | 9a019a0daaa0c8b633d699b5c2144f5332c4d958ae435d48de708d2b77413cf5000e5b743ae4731bf6070966fd2aea1335323ba74a5ad45eb9087362be710e7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\Downloads\Unconfirmed 943246.crdownload
| MD5 | a0378602cf315717fa81478cd7a8b089 |
| SHA1 | 0a029a2f6ba84600c379d8dba629a2d07f5345fb |
| SHA256 | 19cbb97c7efea408067522a621aa649d2c76a2758b43c327e64a96c8b274094c |
| SHA512 | f45e1c18147827556cd59477de4600c43cd54fed80d5b4ea6fd058889dcf6677d2ba545f00155bec6871001e90aa6a1b52f9106875a666cdd1d05455f4492ddc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbfeba34920beb641c8af591e8f549ea |
| SHA1 | 44fb9cc1d353740c74b6c5fd44039f4e906d9f13 |
| SHA256 | 6a84e3cbf4f21ce2ed4046d1821f6eb42f8ee75cca4603d6a017bfe216e2493d |
| SHA512 | 900f4c2921c6ca6fee98c6b8b46b414c301fd999be9ab1792527c88047a4a5d15c45aa54e1786a0af0087ef2ec2620ac9ab1fab06666e340e74b07c3e5effa8d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q5AB1QL\recaptcha__en[1].js
| MD5 | add520996e437bff5d081315da187fbf |
| SHA1 | 2e489fe16f3712bf36df00b03a8a5af8fa8d4b42 |
| SHA256 | 922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4 |
| SHA512 | 2220fa232537d339784d7cd999b1f617100acdea7184073e6a64ea4e55db629f85bfa70ffda1dc2fd32bdc254f5856eeeb87d969476a2e36b5973d2f0eb86497 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05714651\favicon[1].ico
| MD5 | f3418a443e7d841097c714d69ec4bcb8 |
| SHA1 | 49263695f6b0cdd72f45cf1b775e660fdc36c606 |
| SHA256 | 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770 |
| SHA512 | 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat
| MD5 | a879f13e047dcec90f4f29b0962bd5ff |
| SHA1 | 13f19c5697bf3d6255add004286506b8c86d24e5 |
| SHA256 | 9e290a3969b5d8d4148c5d58c7b0f34ca26579842732d0f30c5b8f325651c841 |
| SHA512 | 653e08d27c7d2dfd3762bd8d6a77605ce30426a0f900365fa39988ce1f52ee8d9e4a971addaf3485500f6e64ee39decfa5ab75137d3c5f0b7a7f9b7295c9f685 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a8070be439afbf024b3499fc3dc1604a |
| SHA1 | 5a08c0e626de4d20baa4f95b504164f3141106e2 |
| SHA256 | 7a2754d6ff08241ec036bce3b89eaa4fb9664031c7055dd898f599ebe3945349 |
| SHA512 | fc230d8abca20e6481ba7d2a36b52f59ae73e32d50d9a480487ea153a25b02f4a772b1b39991343e712a0b2f04ef5d84e38e9555b03473d7b0048809c21d0b25 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 879d880880703d93b0b8d8461fe6c32a |
| SHA1 | c9da4aebdde3dc4200a022e159c63ca702b357cc |
| SHA256 | 1fd7ab8683840c6328bb64da3442ccc7edc79cb19a8cbaf1bb728ca01ea390aa |
| SHA512 | baceb4aea5b36591c1ecac25314e0ac52986a6b63341c698d99dc292671784fdf64b718fbd4360bb13c32c42a6d1b2d0b529ccaf6f628ac2a40418df23d013a5 |
memory/1576-1061-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-QT6G4.tmp\fastvd_bc.tmp
| MD5 | 48204bcf63ba2ba5174daed79c7f3084 |
| SHA1 | af69664a959b930b4a7785a9d52fceca9e08f4e6 |
| SHA256 | 38f20ccc4bdd9c88dd8c20b6b8de0ec6b5a173ad442595c65d470b293a84d778 |
| SHA512 | ea8df837880ea624a9fe439471e70edadf3adf8bdb3beaf9cdbf4bc9d1e2d56b14dbb6eb4b10a24293f159dd10971c73081906c52ec792fb669af5e075de9283 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4ECKCBY\styles__ltr[1].css
| MD5 | 2c00b9f417b688224937053cd0c284a5 |
| SHA1 | 17b4c18ebc129055dd25f214c3f11e03e9df2d82 |
| SHA256 | 1e754b107428162c65a26d399b66db3daaea09616bf8620d9de4bc689ce48eed |
| SHA512 | 8dc644d4c8e6da600c751975ac4a9e620e26179167a4021ddb1da81b452ecf420e459dd1c23d1f2e177685b4e1006dbc5c8736024c447d0ff65f75838a785f57 |
memory/1468-1079-0x0000000003780000-0x00000000037BC000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-MO0F5.tmp\itdownload.dll
| MD5 | d82a429efd885ca0f324dd92afb6b7b8 |
| SHA1 | 86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea |
| SHA256 | b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3 |
| SHA512 | 5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 684678ad34765118843efa31dc7a1841 |
| SHA1 | 9364a8facaafa09368c6d8ef26005cb7cabe38d5 |
| SHA256 | 24233608c60d8c8bcc17bd04b53d86bdb7d2725404014260295b9136fda7461a |
| SHA512 | a4811902c077181234fcccd7a7699d4f06b56696750c7aebe52d9ea7fad9093a70bdd9207144f9de1e597e47ad846fc76796f9f6195f6d620632374da301d562 |
\Program Files (x86)\FastPCTools\Fast VD\FastVD.exe
| MD5 | e0b39d5af41479b058fb09c60eac8f1f |
| SHA1 | 45b33d10a9cceea66da34d5cdbd2bc5a20834e77 |
| SHA256 | f7c261ee3d021906f08b974d4ec7cb4a4707a1a22c3962a76ad025d8656f2238 |
| SHA512 | 2b1f3432f6333417f51f78ef217f119a42b5ab83b5dc6ef06f6a4617ff1191733df97f954f5881998fe5e1135eddf414e984b9a9dcd29c34e148894a38c78330 |
\Program Files (x86)\FastPCTools\Fast VD\unins000.exe
| MD5 | e674abb33e8644f43e233053c50a3783 |
| SHA1 | c095a65ff69ef07747b3f5c455423e2440bdc5fb |
| SHA256 | f15744e5a015ada75b5a02f83cefa1d9829ba7fbb8fd3b1e8c7583459ecb750a |
| SHA512 | 6dfb97bebf6d62d9d8791c498c0373f571a370af7c9113375797f151f5fa3478802374eb6ebd68496f043426318edc9c54d9b56bb0c688c48cd1bec58fd4776a |
memory/1576-1175-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Program Files (x86)\FastPCTools\Fast VD\FastVD.exe.config
| MD5 | b22c0f0cf492fd76509b1299023488ba |
| SHA1 | d59dd43ef748abe7e087f3f0960ad72d87a0c1be |
| SHA256 | 1f433eb40043e0fe347d682f5384a041ce06cbff27e1d3cf5697f23d176c4907 |
| SHA512 | 673fe22eb0283bc3b734908ee60349ff66af24868cae5dec903e7d56c441bfb7337c99fb85eddad1ae84b8534895627b1d70b74e4ed69cd7576300ae5f8f6ecb |
memory/1468-1174-0x0000000000400000-0x00000000004DC000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | b6e71adf7324685d8f60c97bdb99f892 |
| SHA1 | ac45dd58c3dfb5d68ffdbc27817f1e5ad5720830 |
| SHA256 | 40a181e9a8b85b862afc89a604eb290be3b5cd68937feb9ccfc467d3589e8e5c |
| SHA512 | f864a712e300632059c0678ff5f54412fc7f7a1db02e469bcdc77be452886b55cd3d08ff51076278d1a21b091b2fc459e30c53b0d8e8855dbfefa59f0ee4cea9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 8750380a1f1d7cafe52f41fcec11bbb2 |
| SHA1 | 3130f3fa43ced6b3b35814f1a005daab36d15388 |
| SHA256 | 8dff8614a5bd24ac017323c5f7c7f85362a928d5d3460629c1871ac5327daa85 |
| SHA512 | 4df75da2bbee03e63d61e0b647990c02aaa857fec01b3f89fca85c894f95e8412a5aa7856554134a0c7b2b4714cb30d46559ff9055584acf113d88ea52f8cc6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc0946310519964dbddf673c848974bf |
| SHA1 | fbc09e74c9abeba8268717ec120ef9a0a3b238a1 |
| SHA256 | 5758948d0bfbba99640104ada4464e8d0fcd9df16715ecc5c7ca79f0298bc116 |
| SHA512 | e2672f2e9130c61abe5cafa6da53b57f45e0ac46dd2c14bb7a40bfb557036cd138267d36c623b6a5ed168e71b732b24e8b2a752952dcf9061f0ba36d9780d32a |
\Program Files (x86)\FastPCTools\Fast VD\Microsoft.Win32.TaskScheduler.dll
| MD5 | 936ace863919b97a08073aa3b5ff8f70 |
| SHA1 | b0d2ee5e28df893ea415238b0dd9b19a731b322d |
| SHA256 | 4a73cdce423fd3ab79a45f73e88f529f03561f77db9bb2bc12471de984e872bc |
| SHA512 | 917c53d11ecb75162649d9e6f6472662c9a6a443aae30b4caef78ce359f37b93ab59b2072f7807a4ddb6c9f1d7df194d2d5ef7d12328f17f23f9730f08dd9df5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | ed0253ea5e9d8efbbb56a30858c2169f |
| SHA1 | 3d7faf0377964f06d209223774bac7339aed4417 |
| SHA256 | af58243607feec5e66890d8d5fc4e2e6a33a1625881cb21d2a384b8c20c21cdd |
| SHA512 | 6f26ed9f638d245d530737b670461b227cb60f3cd4a4b50c3f47a5686d29e4f38777a3afe95fd611749f89a147fe4cdd4f9bd2f1373faf059410a6bb2f941b07 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KXMYHSU8.txt
| MD5 | 391b7f548f4fe7187f5cc34e3b5c8275 |
| SHA1 | 3acdfe912a229c4d2b8566542dfe228e8f96b4e4 |
| SHA256 | bacc47483d01836c1429c137baef7ea8870e51704b05ff25676d627aa9e719b0 |
| SHA512 | 01352e631d8d8130ecffad51521659aff569217802903fa10924fc7511674365573c908b867c8731ac87ab34f3bc66b06dab7a2a5d149d84f4983ff787f673f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2be1f0dfa0621533bac74c27f98f3a7e |
| SHA1 | f94275b8893fbb9f1bc85fa0f1ee9c4c7890a02d |
| SHA256 | 89b0ced512e229d36f2fa42949edd27c3f0df1194de7955aab9d3c54aa029f2e |
| SHA512 | de2aadc3b2861827ee83d929df36b21ab2020e683cde231e858df3748aec0d4a2b48cc9eec026257c38c335d7d70ce237f0109d7c59d0a8c893d73ccedfd07df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_BDF0A62055B2DFF981253B43C2036DE3
| MD5 | 808e9c4d164cb3d3641b8b5a2c0a1b38 |
| SHA1 | 3a9df848817fdbdc9ea314f930c12a9c13bec7c8 |
| SHA256 | 453b0a7c86bf4f27a47a21d7dfca7fbbb3288151c8981a3786e34976a8f591a5 |
| SHA512 | 2d9c17784f74076f9a126e0cd9f00b6d24429c83e05d48639cdf7b1f82fd9a8f5d309a96ab277219b37be1ef073a288599cbef8877303a0ec1dc7ed2cea09c39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_BDF0A62055B2DFF981253B43C2036DE3
| MD5 | d15bccb09fc60a7f9cf14a99fc5f2605 |
| SHA1 | 9a027d62bae6babc57ccd7b938b69dcebacc2708 |
| SHA256 | 7da8131cd8c59b58fe8f54bd07185ba244a2a861a75c3b7e4012d55d7264237b |
| SHA512 | 18bfcd0a3f59c3f1a8080f3f3b78d11766888eafb1c6a3d072fb7cc03ebfb5017126e5edf60fd6835afa1d1401dca5581c27f09122aaaae2ccff58367960722e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | a7082d22d39be092a1236c5f3b132bd4 |
| SHA1 | e55f6615bddd936441c4ec782b61a4dd658256ed |
| SHA256 | 92989805fecee0945d1951abfc2aa1fbd2711abf470641b0ca18589bfbf791b2 |
| SHA512 | eb0e60fba816fcbf6000af06b9b9883d117bcaf55779f5274be3d6e80629819da2053d159f80c4c2ba5ac092db76e04dc0f9f01e0e9a09273eab800f0a4e199a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_685A755F9E99B4D751E9D861DE8DDD77
| MD5 | 9a334bfd5d0fd0f25bc3a07ba563581d |
| SHA1 | 720523b8d88103b98e7788951437e1499b5fa25c |
| SHA256 | 0b6aa76d0f006573521aec48a9d3565c0b47294a0baeb5af3ddd6e106b7acef9 |
| SHA512 | f81740315692b2038cc601edc7f70b94b236907e2c299e568495033e1e10ab07235254b38a8bf70a3c55495cf4a54fa9a87af7786ec86443218250028fce48a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_685A755F9E99B4D751E9D861DE8DDD77
| MD5 | 5bde26067dd88f870139b9f9cc7a4252 |
| SHA1 | 7744a62130d473991e3b320180912f7caa5f67a8 |
| SHA256 | 6d1e6b4cd3295f9a6a3a86c57b4aa151d3641552c1b7de888254eeb84cfc0cfa |
| SHA512 | 53b17d0aa1a61e54123020626b8812bf17be96a1892c1aaebe89976085787cb74b0eb787a3ca2a509f3af88f48fb2a3d30a33d6e0fd7d171b59c03e7e2bc02f7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RL6LRLZL\api[1].js
| MD5 | cc9da74bc51547f7da14aea584e7bd4e |
| SHA1 | cb70339c904703d3a88777889e63b867a04ab2d1 |
| SHA256 | 9d640e16608a79d4f95372f1dd9c1edf1322993b6f0d6ec224ff0f01d2053d64 |
| SHA512 | ed0db4f2338a41dafa1fca57c08706f5fd9a201495a05c5d5970a47f85e2214497deca3000cfde78f74a97a3a831c3fde934a141cee3dac4b18952e8d53f1389 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05714651\KFOmCnqEu92Fr1Mu4mxP[1].ttf
| MD5 | 372d0cc3288fe8e97df49742baefce90 |
| SHA1 | 754d9eaa4a009c42e8d6d40c632a1dad6d44ec21 |
| SHA256 | 466989fd178ca6ed13641893b7003e5d6ec36e42c2a816dee71f87b775ea097f |
| SHA512 | 8447bc59795b16877974cd77c52729f6ff08a1e741f68ff445c087ecc09c8c4822b83e8907d156a00be81cb2c0259081926e758c12b3aea023ac574e4a6c9885 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05714651\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf
| MD5 | 4d88404f733741eaacfda2e318840a98 |
| SHA1 | 49e0f3d32666ac36205f84ac7457030ca0a9d95f |
| SHA256 | b464107219af95400af44c949574d9617de760e100712d4dec8f51a76c50dda1 |
| SHA512 | 2e5d3280d5f7e70ca3ea29e7c01f47feb57fe93fc55fd0ea63641e99e5d699bb4b1f1f686da25c91ba4f64833f9946070f7546558cbd68249b0d853949ff85c5 |
C:\Program Files (x86)\FastPCTools\Fast VD\vcredist_x86.exe
| MD5 | b88228d5fef4b6dc019d69d4471f23ec |
| SHA1 | 372d9c1670343d3fb252209ba210d4dc4d67d358 |
| SHA256 | 8162b2d665ca52884507ede19549e99939ce4ea4a638c537fa653539819138c8 |
| SHA512 | cdd218d211a687dde519719553748f3fb36d4ac618670986a6dadb4c45b34a9c6262ba7bab243a242f91d867b041721f22330170a74d4d0b2c354aec999dbff8 |
C:\Users\Admin\AppData\Local\Temp\Setup_20240510_000507191.html
| MD5 | 119457d52d28b5f2ccc4e3458f826aef |
| SHA1 | 03bf5a9830668cc2973ffe24c35666d38ba40f9f |
| SHA256 | e37d5a3de850fffe560dca33b5d2faaf55a120689b4c712cc9809c68885b228e |
| SHA512 | c13e0348a4a7721b9c7ccf0572bb7631cbc94aeacd5baecebdd64a81de828ce9fe42a83098872978fb782f30d682d12234837db43acf3389a897d95e3575c8a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23df91c7154b319f167ea36209fb17ac |
| SHA1 | afa1f4af28251e29c5cde55f8873a60356e357ad |
| SHA256 | 5b6217f9223b06482853e15975e4508cdcf0ca54d4ca708a9fb4a0662932e5d8 |
| SHA512 | 8ad14ee0322c1e7755ef7a728aac7158cbad59eb01cab2a0fd9d455d9496901452dc9bec512eeba95c4d08f72c014386c58ccb6568cb4fa694b7d7319717867d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea7155fe08827a594d36c4d27aed48d3 |
| SHA1 | 976f2496a6dc3aacf5e031c149d3d9ba240e2ad9 |
| SHA256 | a5715021b7939243f40854ff40d57d458f137156952a8266fd9122c889522e8a |
| SHA512 | d4be65e195f6c370fd62d054a99750868d4ca66d22d59f7e1c50c5e2b1f9c5ccdd393ff3e22b84584dcd1c4ba3e41bb8465051fce4be70e41e6d331f7490e39f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd6c1e20a95cd3d7d18f4dbe3de0d0f2 |
| SHA1 | e20c5f309834d8ff454e438110dc7ab82ad46d6d |
| SHA256 | 98cb96a6b5c390629db4cc727ef7df9f5bf0b0322f6ce3eb37824c97f5afca7e |
| SHA512 | 77a17c2f6009700782dff24522ef7f0215321b54c5c10590289d5b9cb908b64b7a150b21b3bbb2984d645998988f830c8ef9096519114f486da89120e683c5e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e104f917862893e80ec5a02f8e41f67 |
| SHA1 | e1fbd72d8c91952a47f251cf5ed81ab7fc34814d |
| SHA256 | b7f874a52d55e52886df2732dca42476ac7f1403badaf884d111d12feaaf8f82 |
| SHA512 | 605d5c1947e8dbb296e6964a60c1208dbb6d98fc2c79bef08c13e32436bd5714c0de8301effe486bd4026794d8601aeb6f8ed89a272e03879e1b49f9d6fb0453 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02b176446faadc2807c1564864459591 |
| SHA1 | a3442f6b9f6105069600f14ffce73beb69930783 |
| SHA256 | 58e5657bdbcaa28fd7503cb66c12b510c9ac6ae89759ab4bbace4cdf7699a573 |
| SHA512 | 72500cc1fdfbb7af04655b9f2f9e70ec65f0a5d1a543d6fc4f775254367042fbec4555708289cf8ca5c01d672aa0aa8419d90ff3de6ffa1426dfcd0d3962bc3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e780a961d78a57afaf116e7be2af8c4f |
| SHA1 | ae7e8549b112ef8fe591ae043cc951ecce268276 |
| SHA256 | 964a9224abad299f1bd8fd8cb334c4c63f6af24a37c639b68df2ec0da0da3c4b |
| SHA512 | c910a7a5ce16580149a63ed7f5c12573a7863c384f99b20ad318aa2ebe4caa950f6fbad70288123a29b8aa1412a6136f9dde896e08cec7493cc3b796838d004a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b3a5a9915e8138ad167247210aa6a87 |
| SHA1 | 151084556a5ac01db0467dbf5d38797efd9a9af2 |
| SHA256 | 073f2b1960a967a871562c6d2af3aecaa77b378fda6d5b937d9d82be2c7b76a8 |
| SHA512 | cd890d8f53f43bd363033fcacef514e594979a0e6b3ff822444efddefca1b93f012581f94f570e8a65012be13c65d2671888bbaa3a238e8e79ef500102ce13ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34f57d194c991bdf6112ee6c4a1f1749 |
| SHA1 | 8a804669f12e6b1c93cf8b6d98b448b3b26dc572 |
| SHA256 | 37d745aa2e62842f21364ce832ca415a6e619167c5b6b42b42c07d7b910d22f8 |
| SHA512 | 0869208c5040db415c7c8ba9380a784040abca92f522bb9ddb74dd64bd4f28331d842411f2c01f50df53b28ab666c90b1168d16f51c53ee31d4e91600752a116 |
memory/3200-1864-0x000000006CDE0000-0x000000006CEA8000-memory.dmp
memory/3200-1865-0x000000006CB70000-0x000000006CB94000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5aa180240c2342200adac5ecc1c931ce |
| SHA1 | ca38dc1eec64f25c42ed0c4d64e3f388ed3950e6 |
| SHA256 | 09f7c5cdff099f4b8d0842e3e07db6332eb55953e8948a6f8b5218491827cc5b |
| SHA512 | 9a7bb87ae422398b04e28d69526b7f7183b5819b4736b394e5e14281bec40e9dfe3cca80f3fa10588460065a9db0085f0a7838cbd04a8b8b78a6cf39b4026fd5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 70e7971952d477bd3172d6e83224f18e |
| SHA1 | 64eaaafb2ce2925cfd9340c76808e8319d9c083f |
| SHA256 | 7dffaf946b9a04b0cc64d6c9240fcc26a5dd2c96f2ef9e941c3d4773a3dd5601 |
| SHA512 | 937219144edbf30c79887b1fc6595b2dac01c348ae60e11fe4334f12c96c930f62feac06935a1a0e734ce951e5c9839f6ce281394e4635eb8b70612cf61c447a |
C:\Users\Admin\Downloads\Unconfirmed 41323.crdownload
| MD5 | 510933816d118b7070a0ab6bb8f5df16 |
| SHA1 | 4990028ea2dbb5ffd99c858eda751a1a9cbbb5c6 |
| SHA256 | c183174f116798484600020d7b637854bd3d36fc92d7c2548452a37f6ffab3de |
| SHA512 | dbcc14a49aedbff98614458366b86a96c8a0a593191e113e12f297265060dde6a7a885a37bfe2b631612101eb123c46600d28dfa9fff56291242f338d2444239 |
memory/3204-2061-0x0000000000400000-0x0000000000818000-memory.dmp
memory/3204-2065-0x0000000000400000-0x0000000000818000-memory.dmp
memory/3204-2066-0x0000000000400000-0x0000000000818000-memory.dmp
memory/3204-2064-0x0000000000400000-0x0000000000818000-memory.dmp
memory/3204-2062-0x0000000000400000-0x0000000000818000-memory.dmp
memory/3204-2063-0x0000000000400000-0x0000000000818000-memory.dmp
memory/1904-2070-0x000007FEF3610000-0x000007FEF364A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 270b8ec033d5d9bf149ec2f413658a9a |
| SHA1 | e1f02f7201268ef2287d9bb65c93269d08ca2fba |
| SHA256 | e23341e48a0a879802c11e56019f8b111270260c6b299bbbbe6be3a123f27135 |
| SHA512 | aae491951a483d8ce7f3a19c6a8856f6fd310e565f158d1e561c6b0675d7fb66d2e2325d33ffa08478bd174e6fcb8e2697106ca78293cccaf61648b24b0e55e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d4ebe5e49810ad378eab8671cccd9c60 |
| SHA1 | 2629f2ac4d13a0b4e62397abda829313672c996d |
| SHA256 | 21bace050f840eb5ba99983e606706530dee017d67f118bbd42f8b230fc8c575 |
| SHA512 | 89259ba6198c4a39dd32a1463d132a4bbada886a76cfaec4c1e11da27f4acaad21c4bf59488b2da27aaede7076b8378dff2739cf492976b5cc651f54c97ce7a5 |
memory/3204-2088-0x0000000000400000-0x0000000000818000-memory.dmp
memory/3204-2089-0x0000000006700000-0x0000000006702000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q5AB1QL\errorPageStrings[1]
| MD5 | e3e4a98353f119b80b323302f26b78fa |
| SHA1 | 20ee35a370cdd3a8a7d04b506410300fd0a6a864 |
| SHA256 | 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66 |
| SHA512 | d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee |
memory/3204-2098-0x0000000000400000-0x0000000000818000-memory.dmp
memory/3212-2099-0x00000000045C0000-0x00000000045D2000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1ae9c197a1bbeb07b3c1f22e3e36a1f |
| SHA1 | b07bc61223d054249b1668d4cce7126180e926aa |
| SHA256 | c1c751f64161d6a1c92334229a7aea6a6f1773048aa6357752ac78d75edc832f |
| SHA512 | 2db1b35084eef8d3ec6baf3f623422fc0df4666de4cd6f5d2aff659d925f5e0a353d9eb6a1ff3371de5f30d4dedb15f892ffe5a7bcc679e910e4ad75336ebd9b |
memory/3212-2127-0x0000000006410000-0x0000000006430000-memory.dmp
memory/3212-2129-0x0000000020AC0000-0x0000000020DDA000-memory.dmp
memory/3212-2131-0x000000001F030000-0x000000001F03A000-memory.dmp
memory/3212-2130-0x000000001F030000-0x000000001F03A000-memory.dmp
memory/3848-2138-0x0000000000070000-0x0000000000191000-memory.dmp
memory/3212-2143-0x0000000004870000-0x0000000004880000-memory.dmp
memory/3212-2145-0x00000000048A0000-0x00000000048AE000-memory.dmp
memory/3212-2144-0x0000000004890000-0x000000000489A000-memory.dmp
memory/3212-2151-0x000000001F030000-0x000000001F03A000-memory.dmp
memory/3212-2150-0x000000001F030000-0x000000001F03A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3f843087-b169-4bb2-952c-6c6e51d2ae2d.tmp
| MD5 | fa0c2681536a456fd860785c77bc7d44 |
| SHA1 | b145ca8f5e4bb2adb0b97a07685e1847c0d3332d |
| SHA256 | 45d292ce6452c2cd8450ccce90c7a599fd7175fbcbbac673c1d77d62e1882aeb |
| SHA512 | 1a16772412e8ec8a4ce0becc164a66ccda3c2f8aacda2a02b5ec05128fc71167576e73d193e9e89ba8cc1b41b60bb0dbfddb5910ea14fcb08f6a7084d0695e82 |
memory/3212-2185-0x00000000223D0000-0x0000000024202000-memory.dmp
C:\ProgramData\iolo technologies\logs\bootstrap.log
| MD5 | 1403200455b3b61fec10dbf8fd9c0df4 |
| SHA1 | 5c4999d7a97e8161d98693b2f35b22450621e03f |
| SHA256 | 80736b049bf63b9fcc9078f76ab3e759135b12123af23aa65800ca260d66fd92 |
| SHA512 | 215a15fcb3263d45c76b4c729d896b3cbcf22cbaca33ec1baeca6ad89a0f5719cad342471fbcaa42a4760221da4742be0aa52f69eb09f246aef0d315cdfd1db3 |
C:\Windows\System32\drivers\pgfilter.sys
| MD5 | 9299ad7e74520064827f65fb3cb6d1c7 |
| SHA1 | 447931db731dee6de49e7ab42aedf860c7a3eec1 |
| SHA256 | 1ce69bc9dac794e1afa39fbd977531742f0791d4ff60a1b86fa64783be252f04 |
| SHA512 | 1c281fb1acdd7b7e97cda16541d526fdba2a3eb809a709239e3a32b1fc277bf2789fdddfa835b887f65c42a4034905694308da3b35d49745c49de6594f1e3bdd |
C:\Program Files\iolo technologies\System Mechanic\WPF_Driver\release\win32\nfregdrv.exe
| MD5 | 92a6df47283b49b207045fa7a4502bc1 |
| SHA1 | 718e9ff5f0fd9143de4f8fcf135d78165f991e9d |
| SHA256 | d714695c9775bd7dbb1fa40882bbe03216acb3994b94514a68892454eada0358 |
| SHA512 | f2b08a4ae33e87a786fe25a2d902c8acb002faa4893a1f21d5608cbe070477af1b9c553c8960486a65089ad1e0be1491cb93cc60da9f3394c893525fa075d645 |
memory/3060-3157-0x0000000000400000-0x0000000000B3A000-memory.dmp
C:\Program Files\iolo technologies\System Mechanic\SystemMechanic.exe
| MD5 | 790cacd567d86604554c76fea3b2f2e9 |
| SHA1 | db19e29ee1b79d728223cabaa2831dcf016fd2c8 |
| SHA256 | 3ee5a05f6843c07b85d818c55621ff1040fd8c3c6a3281c791f665add9b9b2b7 |
| SHA512 | c83cefda818f36fc91bc74d9aec972e316c6f884b422d3f04a65428adec7d295c451334cc1831f2390a1ce1659916ba95a4b6977ac72dc4c88045a7064e78111 |
memory/3212-3170-0x000000001E770000-0x000000001E778000-memory.dmp
memory/3212-3172-0x000000001E860000-0x000000001E91E000-memory.dmp
memory/3212-3171-0x000000001E790000-0x000000001E7D0000-memory.dmp
memory/3212-3173-0x000000001E7D0000-0x000000001E810000-memory.dmp
memory/3212-3174-0x000000001F8D0000-0x000000001F95C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q5AB1QL\httpErrorPagesScripts[1]
| MD5 | 3f57b781cb3ef114dd0b665151571b7b |
| SHA1 | ce6a63f996df3a1cccb81720e21204b825e0238c |
| SHA256 | 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad |
| SHA512 | 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa |
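Worked example, added here and not part of the sandbox report: the `memory/<pid>-<n>-<start>-<end>-memory.dmp` artifact names above encode the process ID and the virtual address range of each dumped region. The script below (assumed layout inferred from the names themselves, not from any sandbox documentation) parses the 21 names listed for behavioral1, groups them by PID, computes region sizes, and flags dumps whose start address is 0x400000, the conventional default image base of 32-bit MSVC-linked executables. Given the ASPack signature in the summary, those are the dumps an analyst would pull first when looking for an unpacked copy of the main module; the PID-to-process mapping must still be confirmed against the process tree, which this excerpt does not include.

```python
"""Parse sandbox memory-dump artifact names into per-PID region summaries.

Added example, not part of the sandbox report. The names below are copied from
the behavioral1 dropped-file list above. The name layout
'memory/<pid>-<dump id>-0x<start>-0x<end>-memory.dmp' is an assumption inferred
from those names, not taken from any sandbox documentation.
"""
import re
from collections import defaultdict

# Copied from the report's behavioral1 artifact list (constructed input for this example).
DUMP_NAMES = [
    "memory/3204-2088-0x0000000000400000-0x0000000000818000-memory.dmp",
    "memory/3204-2089-0x0000000006700000-0x0000000006702000-memory.dmp",
    "memory/3204-2098-0x0000000000400000-0x0000000000818000-memory.dmp",
    "memory/3212-2099-0x00000000045C0000-0x00000000045D2000-memory.dmp",
    "memory/3212-2127-0x0000000006410000-0x0000000006430000-memory.dmp",
    "memory/3212-2129-0x0000000020AC0000-0x0000000020DDA000-memory.dmp",
    "memory/3212-2131-0x000000001F030000-0x000000001F03A000-memory.dmp",
    "memory/3212-2130-0x000000001F030000-0x000000001F03A000-memory.dmp",
    "memory/3848-2138-0x0000000000070000-0x0000000000191000-memory.dmp",
    "memory/3212-2143-0x0000000004870000-0x0000000004880000-memory.dmp",
    "memory/3212-2145-0x00000000048A0000-0x00000000048AE000-memory.dmp",
    "memory/3212-2144-0x0000000004890000-0x000000000489A000-memory.dmp",
    "memory/3212-2151-0x000000001F030000-0x000000001F03A000-memory.dmp",
    "memory/3212-2150-0x000000001F030000-0x000000001F03A000-memory.dmp",
    "memory/3212-2185-0x00000000223D0000-0x0000000024202000-memory.dmp",
    "memory/3060-3157-0x0000000000400000-0x0000000000B3A000-memory.dmp",
    "memory/3212-3170-0x000000001E770000-0x000000001E778000-memory.dmp",
    "memory/3212-3172-0x000000001E860000-0x000000001E91E000-memory.dmp",
    "memory/3212-3171-0x000000001E790000-0x000000001E7D0000-memory.dmp",
    "memory/3212-3173-0x000000001E7D0000-0x000000001E810000-memory.dmp",
    "memory/3212-3174-0x000000001F8D0000-0x000000001F95C000-memory.dmp",
]

# Assumed name layout (see module docstring).
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Conventional default image base of 32-bit MSVC-linked EXEs; a heuristic, not proof
# that the region is the main module.
DEFAULT_IMAGE_BASE = 0x400000


def parse_dump_name(name):
    """Return {'pid', 'seq', 'start', 'end', 'size'} or None if the name does not fit the layout."""
    m = DUMP_RE.match(name)
    if not m:
        return None
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:  # malformed range; refuse rather than report a negative size
        return None
    return {"pid": int(m["pid"]), "seq": int(m["seq"]), "start": start, "end": end, "size": end - start}


def summarize(names):
    """Group dumps by PID: count, distinct regions, largest region, and dumps at the default image base."""
    by_pid = defaultdict(list)
    for name in names:
        rec = parse_dump_name(name)
        if rec is not None:
            by_pid[rec["pid"]].append(rec)
    summary = {}
    for pid, recs in by_pid.items():
        regions = {(r["start"], r["end"]) for r in recs}
        largest = max(recs, key=lambda r: r["size"])
        summary[pid] = {
            "dumps": len(recs),
            "distinct_regions": len(regions),  # the same range dumped repeatedly counts once
            "largest": (largest["start"], largest["end"], largest["size"]),
            "image_base_dumps": sorted(r for r in regions if r[0] == DEFAULT_IMAGE_BASE),
        }
    return summary


if __name__ == "__main__":
    for pid, info in sorted(summarize(DUMP_NAMES).items()):
        s, e, size = info["largest"]
        print(f"pid {pid}: {info['dumps']} dumps, {info['distinct_regions']} distinct regions, "
              f"largest 0x{s:X}-0x{e:X} ({size} bytes), image-base dumps: "
              + ", ".join(f"0x{a:X}-0x{b:X}" for a, b in info["image_base_dumps"]))
```

Two things stand out from the output: PIDs 3204 and 3060 each have a dump starting at 0x400000 (4,292,608 and 7,577,600 bytes respectively), and PID 3212 has 16 dumps over 13 distinct regions, the same 0x1F030000 range having been captured four times.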
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-09 23:58
Reported
2024-05-10 00:01
Platform
win10v2004-20240508-en
Max time kernel
93s
Max time network
99s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\685c6aff44c0d4bf74e109573e7c8ab9~c5_720x720.jpg
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| BE | 2.17.196.137:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.196.17.2.in-addr.arpa | udp |
| BE | 2.17.196.137:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
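Worked example, added here and not part of the sandbox report: most rows in the Network table above are PTR (reverse-DNS) queries to 8.8.8.8, whose `in-addr.arpa` names carry the target IP with its octets reversed (`237.197.79.204.in-addr.arpa` is a lookup of 204.79.197.237). A quick triage question is which of those lookups correspond to hosts the sandbox actually connected to. The script below embeds the table rows as copied from the report, decodes each PTR name, and splits the targets into those that appear as a destination in the same table and those that do not; the unmatched targets are hosts this trace never shows a connection to, so they need to be checked against the other analysis run or against known OS background traffic before being read as sample activity.

```python
"""Correlate PTR (reverse-DNS) lookups in a sandbox network table with observed peers.

Added example, not part of the sandbox report. The table text below is copied
from the behavioral2 Network table above and embedded so the script runs offline.
"""
import ipaddress
from collections import defaultdict

# Rows copied from the report's Network table (constructed input for this example).
NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| BE | 2.17.196.137:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.196.17.2.in-addr.arpa | udp |
| BE | 2.17.196.137:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
"""


def parse_rows(table):
    """Parse '| country | ip:port | domain | proto |' rows; the header row is skipped."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        host, _, port = dest.rpartition(":")
        if not port.isdigit():  # header row or malformed destination
            continue
        rows.append({"country": country, "ip": host, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def ptr_to_ip(name):
    """Decode an IPv4 reverse name: '237.197.79.204.in-addr.arpa' -> '204.79.197.237'.

    Returns None for anything that is not a well-formed four-octet in-addr.arpa name.
    """
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def correlate(rows):
    """Split PTR lookup targets into peers seen in the table and targets never connected to.

    Returns (matched, unmatched): matched maps each looked-up IP that also appears as a
    destination to the forward names resolved to it (empty for the DNS resolver itself);
    unmatched lists looked-up IPs with no connection in the table, in first-seen order.
    """
    peers = {r["ip"] for r in rows}          # every destination, DNS resolver included
    names = defaultdict(set)                 # ip -> names the sandbox connected to it under
    ptr_targets = []                         # deduplicated, first-seen order
    for r in rows:
        is_dns = r["proto"] == "udp" and r["port"] == 53
        if is_dns:
            ip = ptr_to_ip(r["domain"])
            if ip is not None and ip not in ptr_targets:
                ptr_targets.append(ip)
        else:
            names[r["ip"]].add(r["domain"])
    matched = {ip: sorted(names[ip]) for ip in ptr_targets if ip in peers}
    unmatched = [ip for ip in ptr_targets if ip not in peers]
    return matched, unmatched


if __name__ == "__main__":
    matched, unmatched = correlate(parse_rows(NETWORK_TABLE))
    for ip, fwd in matched.items():
        print(f"PTR lookup of {ip}: connected to as {fwd or ['(DNS resolver)']}")
    print("PTR lookups with no connection in this table:", ", ".join(unmatched))
```

Run against the rows above, only three lookups match a peer (8.8.8.8 itself, 204.79.197.237 as g.bing.com and 2.17.196.137 as www.bing.com); the other eight targets never appear as a destination in this trace.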