Malware Analysis Report

2025-03-15 05:44

Sample ID: 240509-31f5qshh34
Target: 685c6aff44c0d4bf74e109573e7c8ab9~c5_720x720.jpeg
SHA256: ea6e16021eed02ec0cc883299f56a2768e3900b5246b1c91b776d05432019fa8
Tags: aspackv2
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 8/10

SHA256: ea6e16021eed02ec0cc883299f56a2768e3900b5246b1c91b776d05432019fa8

Threat Level: Likely malicious

The file 685c6aff44c0d4bf74e109573e7c8ab9~c5_720x720.jpeg was found to be: Likely malicious.

Malicious Activity Summary

aspackv2

Downloads MZ/PE file

ASPack v2.12-2.42

Drops file in System32 directory

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Kills process with taskkill

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-09 23:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-09 23:58
Reported: 2024-05-10 00:08
Platform: win7-20231129-en
Max time kernel: 243s
Max time network: 523s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\685c6aff44c0d4bf74e109573e7c8ab9~c5_720x720.jpg

Signatures

Downloads MZ/PE file

ASPack v2.12-2.42

aspackv2
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Drops file in System32 directory

Description | Indicator | Process | Target | Events
File opened for modification | C:\Windows\system32\taskschd.msc | C:\Windows\system32\mmc.exe | N/A | 2

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Kills process with taskkill

evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target | Events
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 2

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target | Events
Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A | 32
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A | 32

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Events
N/A | N/A | C:\Windows\System32\rundll32.exe | N/A | 2
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 34

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Events
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 32

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target | Events
N/A | N/A | C:\Windows\system32\mmc.exe | N/A | 4

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Events
PID 2804 wrote to memory of 2944 | N/A | C:\Windows\system32\mmc.exe | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | 3
PID 2424 wrote to memory of 1776 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 3
PID 2424 wrote to memory of 2120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 39
PID 2424 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 3
PID 2424 wrote to memory of 2332 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 16

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\685c6aff44c0d4bf74e109573e7c8ab9~c5_720x720.jpg

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe

dw20.exe -x -s 1084

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5229758,0x7fef5229768,0x7fef5229778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1512 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1484 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3272 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3224 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3652 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3832 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3848 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2556 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1852 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe"

C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ 3.0\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://softonic.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3192 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2308 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:603146 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2748 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2472 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Users\Admin\Downloads\fastvd_bc.exe

"C:\Users\Admin\Downloads\fastvd_bc.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\is-QT6G4.tmp\fastvd_bc.tmp

"C:\Users\Admin\AppData\Local\Temp\is-QT6G4.tmp\fastvd_bc.tmp" /SL5="$701C6,2374885,175104,C:\Users\Admin\Downloads\fastvd_bc.exe"

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im FastVD.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:275476 /prefetch:2

C:\Program Files (x86)\FastPCTools\Fast VD\FastVD.exe

"C:\Program Files (x86)\FastPCTools\Fast VD\FastVD.exe" setupinstalled

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:734222 /prefetch:2

C:\Program Files (x86)\FastPCTools\Fast VD\FastVD.exe

"C:\Program Files (x86)\FastPCTools\Fast VD\FastVD.exe" takeaction ZmZtcGVnRC43eioxP3ZpZGVvaGVscGVyRC43eioxP3ZjcmVkaXN0X3g4NkQuN3oqMw==

C:\Program Files (x86)\FastPCTools\Fast VD\vcredist_x86.exe

"C:\Program Files (x86)\FastPCTools\Fast VD\vcredist_x86.exe" /q /repair

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

\??\f:\e73fc675584278f0678573e1fb0b3a4d\Setup.exe

f:\e73fc675584278f0678573e1fb0b3a4d\Setup.exe /q /repair

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1912 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1728 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=540 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3916 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3872 --field-trial-handle=1368,i,10196036826594481448,12257556531038180896,131072 /prefetch:8

C:\Users\Admin\Downloads\smpro_dm.exe

"C:\Users\Admin\Downloads\smpro_dm.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Users\Admin\AppData\Local\Temp\iolowupd\SystemMechanicProInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\iolowupd\SystemMechanicProInstaller.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:1586198 /prefetch:2

C:\ProgramData\iolo technologies\googlecriteriachecker.exe

"C:\ProgramData\iolo technologies\googlecriteriachecker.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:209982 /prefetch:2

C:\Program Files\iolo technologies\System Mechanic\WPF_Driver\release\win32\nfregdrv.exe

"C:\Program Files\iolo technologies\System Mechanic\WPF_Driver\release\win32\nfregdrv.exe" pgfilter

C:\Program Files\iolo technologies\System Mechanic\toolkit.exe

"C:\Program Files\iolo technologies\System Mechanic\toolkit.exe" /regserver

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:1455151 /prefetch:2

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ioloActiveCare" /ENABLE

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ioloAVDefsDownloader" /ENABLE

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ioloSystemShield" /ENABLE

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ioloTUDsDownloader" /ENABLE

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ActiveMessenger-PrivacyGuardian" /ENABLE

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ActiveMessenger-SystemMechanic" /ENABLE

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ActiveReporter-Phoenix360" /ENABLE

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ActiveReporter-PrivacyGuardian" /ENABLE

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ActiveReporter-SystemMechanic" /ENABLE

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ActiveSync-Phoenix360" /ENABLE

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ActiveSync-PrivacyGuardian" /ENABLE

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /change /tn "\iolo technologies\ActiveSync-SystemMechanic" /ENABLE

C:\Windows\system32\netsh.exe

"netsh" winsock reset

C:\Windows\system32\netsh.exe

"netsh" int ip reset c:\resetlog.txt

Network


Files


MD5 372d0cc3288fe8e97df49742baefce90
SHA1 754d9eaa4a009c42e8d6d40c632a1dad6d44ec21
SHA256 466989fd178ca6ed13641893b7003e5d6ec36e42c2a816dee71f87b775ea097f
SHA512 8447bc59795b16877974cd77c52729f6ff08a1e741f68ff445c087ecc09c8c4822b83e8907d156a00be81cb2c0259081926e758c12b3aea023ac574e4a6c9885

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05714651\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf

MD5 4d88404f733741eaacfda2e318840a98
SHA1 49e0f3d32666ac36205f84ac7457030ca0a9d95f
SHA256 b464107219af95400af44c949574d9617de760e100712d4dec8f51a76c50dda1
SHA512 2e5d3280d5f7e70ca3ea29e7c01f47feb57fe93fc55fd0ea63641e99e5d699bb4b1f1f686da25c91ba4f64833f9946070f7546558cbd68249b0d853949ff85c5

C:\Program Files (x86)\FastPCTools\Fast VD\vcredist_x86.exe

MD5 b88228d5fef4b6dc019d69d4471f23ec
SHA1 372d9c1670343d3fb252209ba210d4dc4d67d358
SHA256 8162b2d665ca52884507ede19549e99939ce4ea4a638c537fa653539819138c8
SHA512 cdd218d211a687dde519719553748f3fb36d4ac618670986a6dadb4c45b34a9c6262ba7bab243a242f91d867b041721f22330170a74d4d0b2c354aec999dbff8

C:\Users\Admin\AppData\Local\Temp\Setup_20240510_000507191.html

MD5 119457d52d28b5f2ccc4e3458f826aef
SHA1 03bf5a9830668cc2973ffe24c35666d38ba40f9f
SHA256 e37d5a3de850fffe560dca33b5d2faaf55a120689b4c712cc9809c68885b228e
SHA512 c13e0348a4a7721b9c7ccf0572bb7631cbc94aeacd5baecebdd64a81de828ce9fe42a83098872978fb782f30d682d12234837db43acf3389a897d95e3575c8a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23df91c7154b319f167ea36209fb17ac
SHA1 afa1f4af28251e29c5cde55f8873a60356e357ad
SHA256 5b6217f9223b06482853e15975e4508cdcf0ca54d4ca708a9fb4a0662932e5d8
SHA512 8ad14ee0322c1e7755ef7a728aac7158cbad59eb01cab2a0fd9d455d9496901452dc9bec512eeba95c4d08f72c014386c58ccb6568cb4fa694b7d7319717867d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea7155fe08827a594d36c4d27aed48d3
SHA1 976f2496a6dc3aacf5e031c149d3d9ba240e2ad9
SHA256 a5715021b7939243f40854ff40d57d458f137156952a8266fd9122c889522e8a
SHA512 d4be65e195f6c370fd62d054a99750868d4ca66d22d59f7e1c50c5e2b1f9c5ccdd393ff3e22b84584dcd1c4ba3e41bb8465051fce4be70e41e6d331f7490e39f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd6c1e20a95cd3d7d18f4dbe3de0d0f2
SHA1 e20c5f309834d8ff454e438110dc7ab82ad46d6d
SHA256 98cb96a6b5c390629db4cc727ef7df9f5bf0b0322f6ce3eb37824c97f5afca7e
SHA512 77a17c2f6009700782dff24522ef7f0215321b54c5c10590289d5b9cb908b64b7a150b21b3bbb2984d645998988f830c8ef9096519114f486da89120e683c5e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e104f917862893e80ec5a02f8e41f67
SHA1 e1fbd72d8c91952a47f251cf5ed81ab7fc34814d
SHA256 b7f874a52d55e52886df2732dca42476ac7f1403badaf884d111d12feaaf8f82
SHA512 605d5c1947e8dbb296e6964a60c1208dbb6d98fc2c79bef08c13e32436bd5714c0de8301effe486bd4026794d8601aeb6f8ed89a272e03879e1b49f9d6fb0453

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02b176446faadc2807c1564864459591
SHA1 a3442f6b9f6105069600f14ffce73beb69930783
SHA256 58e5657bdbcaa28fd7503cb66c12b510c9ac6ae89759ab4bbace4cdf7699a573
SHA512 72500cc1fdfbb7af04655b9f2f9e70ec65f0a5d1a543d6fc4f775254367042fbec4555708289cf8ca5c01d672aa0aa8419d90ff3de6ffa1426dfcd0d3962bc3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e780a961d78a57afaf116e7be2af8c4f
SHA1 ae7e8549b112ef8fe591ae043cc951ecce268276
SHA256 964a9224abad299f1bd8fd8cb334c4c63f6af24a37c639b68df2ec0da0da3c4b
SHA512 c910a7a5ce16580149a63ed7f5c12573a7863c384f99b20ad318aa2ebe4caa950f6fbad70288123a29b8aa1412a6136f9dde896e08cec7493cc3b796838d004a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b3a5a9915e8138ad167247210aa6a87
SHA1 151084556a5ac01db0467dbf5d38797efd9a9af2
SHA256 073f2b1960a967a871562c6d2af3aecaa77b378fda6d5b937d9d82be2c7b76a8
SHA512 cd890d8f53f43bd363033fcacef514e594979a0e6b3ff822444efddefca1b93f012581f94f570e8a65012be13c65d2671888bbaa3a238e8e79ef500102ce13ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34f57d194c991bdf6112ee6c4a1f1749
SHA1 8a804669f12e6b1c93cf8b6d98b448b3b26dc572
SHA256 37d745aa2e62842f21364ce832ca415a6e619167c5b6b42b42c07d7b910d22f8
SHA512 0869208c5040db415c7c8ba9380a784040abca92f522bb9ddb74dd64bd4f28331d842411f2c01f50df53b28ab666c90b1168d16f51c53ee31d4e91600752a116

memory/3200-1864-0x000000006CDE0000-0x000000006CEA8000-memory.dmp

memory/3200-1865-0x000000006CB70000-0x000000006CB94000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5aa180240c2342200adac5ecc1c931ce
SHA1 ca38dc1eec64f25c42ed0c4d64e3f388ed3950e6
SHA256 09f7c5cdff099f4b8d0842e3e07db6332eb55953e8948a6f8b5218491827cc5b
SHA512 9a7bb87ae422398b04e28d69526b7f7183b5819b4736b394e5e14281bec40e9dfe3cca80f3fa10588460065a9db0085f0a7838cbd04a8b8b78a6cf39b4026fd5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 70e7971952d477bd3172d6e83224f18e
SHA1 64eaaafb2ce2925cfd9340c76808e8319d9c083f
SHA256 7dffaf946b9a04b0cc64d6c9240fcc26a5dd2c96f2ef9e941c3d4773a3dd5601
SHA512 937219144edbf30c79887b1fc6595b2dac01c348ae60e11fe4334f12c96c930f62feac06935a1a0e734ce951e5c9839f6ce281394e4635eb8b70612cf61c447a

C:\Users\Admin\Downloads\Unconfirmed 41323.crdownload

MD5 510933816d118b7070a0ab6bb8f5df16
SHA1 4990028ea2dbb5ffd99c858eda751a1a9cbbb5c6
SHA256 c183174f116798484600020d7b637854bd3d36fc92d7c2548452a37f6ffab3de
SHA512 dbcc14a49aedbff98614458366b86a96c8a0a593191e113e12f297265060dde6a7a885a37bfe2b631612101eb123c46600d28dfa9fff56291242f338d2444239

memory/3204-2061-0x0000000000400000-0x0000000000818000-memory.dmp

memory/3204-2065-0x0000000000400000-0x0000000000818000-memory.dmp

memory/3204-2066-0x0000000000400000-0x0000000000818000-memory.dmp

memory/3204-2064-0x0000000000400000-0x0000000000818000-memory.dmp

memory/3204-2062-0x0000000000400000-0x0000000000818000-memory.dmp

memory/3204-2063-0x0000000000400000-0x0000000000818000-memory.dmp

memory/1904-2070-0x000007FEF3610000-0x000007FEF364A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 270b8ec033d5d9bf149ec2f413658a9a
SHA1 e1f02f7201268ef2287d9bb65c93269d08ca2fba
SHA256 e23341e48a0a879802c11e56019f8b111270260c6b299bbbbe6be3a123f27135
SHA512 aae491951a483d8ce7f3a19c6a8856f6fd310e565f158d1e561c6b0675d7fb66d2e2325d33ffa08478bd174e6fcb8e2697106ca78293cccaf61648b24b0e55e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d4ebe5e49810ad378eab8671cccd9c60
SHA1 2629f2ac4d13a0b4e62397abda829313672c996d
SHA256 21bace050f840eb5ba99983e606706530dee017d67f118bbd42f8b230fc8c575
SHA512 89259ba6198c4a39dd32a1463d132a4bbada886a76cfaec4c1e11da27f4acaad21c4bf59488b2da27aaede7076b8378dff2739cf492976b5cc651f54c97ce7a5

memory/3204-2088-0x0000000000400000-0x0000000000818000-memory.dmp

memory/3204-2089-0x0000000006700000-0x0000000006702000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q5AB1QL\errorPageStrings[1]

MD5 e3e4a98353f119b80b323302f26b78fa
SHA1 20ee35a370cdd3a8a7d04b506410300fd0a6a864
SHA256 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66
SHA512 d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

memory/3204-2098-0x0000000000400000-0x0000000000818000-memory.dmp

memory/3212-2099-0x00000000045C0000-0x00000000045D2000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1ae9c197a1bbeb07b3c1f22e3e36a1f
SHA1 b07bc61223d054249b1668d4cce7126180e926aa
SHA256 c1c751f64161d6a1c92334229a7aea6a6f1773048aa6357752ac78d75edc832f
SHA512 2db1b35084eef8d3ec6baf3f623422fc0df4666de4cd6f5d2aff659d925f5e0a353d9eb6a1ff3371de5f30d4dedb15f892ffe5a7bcc679e910e4ad75336ebd9b

memory/3212-2127-0x0000000006410000-0x0000000006430000-memory.dmp

memory/3212-2129-0x0000000020AC0000-0x0000000020DDA000-memory.dmp

memory/3212-2131-0x000000001F030000-0x000000001F03A000-memory.dmp

memory/3212-2130-0x000000001F030000-0x000000001F03A000-memory.dmp

memory/3848-2138-0x0000000000070000-0x0000000000191000-memory.dmp

memory/3212-2143-0x0000000004870000-0x0000000004880000-memory.dmp

memory/3212-2145-0x00000000048A0000-0x00000000048AE000-memory.dmp

memory/3212-2144-0x0000000004890000-0x000000000489A000-memory.dmp

memory/3212-2151-0x000000001F030000-0x000000001F03A000-memory.dmp

memory/3212-2150-0x000000001F030000-0x000000001F03A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3f843087-b169-4bb2-952c-6c6e51d2ae2d.tmp

MD5 fa0c2681536a456fd860785c77bc7d44
SHA1 b145ca8f5e4bb2adb0b97a07685e1847c0d3332d
SHA256 45d292ce6452c2cd8450ccce90c7a599fd7175fbcbbac673c1d77d62e1882aeb
SHA512 1a16772412e8ec8a4ce0becc164a66ccda3c2f8aacda2a02b5ec05128fc71167576e73d193e9e89ba8cc1b41b60bb0dbfddb5910ea14fcb08f6a7084d0695e82

memory/3212-2185-0x00000000223D0000-0x0000000024202000-memory.dmp

C:\ProgramData\iolo technologies\logs\bootstrap.log

MD5 1403200455b3b61fec10dbf8fd9c0df4
SHA1 5c4999d7a97e8161d98693b2f35b22450621e03f
SHA256 80736b049bf63b9fcc9078f76ab3e759135b12123af23aa65800ca260d66fd92
SHA512 215a15fcb3263d45c76b4c729d896b3cbcf22cbaca33ec1baeca6ad89a0f5719cad342471fbcaa42a4760221da4742be0aa52f69eb09f246aef0d315cdfd1db3

C:\Windows\System32\drivers\pgfilter.sys

MD5 9299ad7e74520064827f65fb3cb6d1c7
SHA1 447931db731dee6de49e7ab42aedf860c7a3eec1
SHA256 1ce69bc9dac794e1afa39fbd977531742f0791d4ff60a1b86fa64783be252f04
SHA512 1c281fb1acdd7b7e97cda16541d526fdba2a3eb809a709239e3a32b1fc277bf2789fdddfa835b887f65c42a4034905694308da3b35d49745c49de6594f1e3bdd

C:\Program Files\iolo technologies\System Mechanic\WPF_Driver\release\win32\nfregdrv.exe

MD5 92a6df47283b49b207045fa7a4502bc1
SHA1 718e9ff5f0fd9143de4f8fcf135d78165f991e9d
SHA256 d714695c9775bd7dbb1fa40882bbe03216acb3994b94514a68892454eada0358
SHA512 f2b08a4ae33e87a786fe25a2d902c8acb002faa4893a1f21d5608cbe070477af1b9c553c8960486a65089ad1e0be1491cb93cc60da9f3394c893525fa075d645

memory/3060-3157-0x0000000000400000-0x0000000000B3A000-memory.dmp

C:\Program Files\iolo technologies\System Mechanic\SystemMechanic.exe

MD5 790cacd567d86604554c76fea3b2f2e9
SHA1 db19e29ee1b79d728223cabaa2831dcf016fd2c8
SHA256 3ee5a05f6843c07b85d818c55621ff1040fd8c3c6a3281c791f665add9b9b2b7
SHA512 c83cefda818f36fc91bc74d9aec972e316c6f884b422d3f04a65428adec7d295c451334cc1831f2390a1ce1659916ba95a4b6977ac72dc4c88045a7064e78111

memory/3212-3170-0x000000001E770000-0x000000001E778000-memory.dmp

memory/3212-3172-0x000000001E860000-0x000000001E91E000-memory.dmp

memory/3212-3171-0x000000001E790000-0x000000001E7D0000-memory.dmp

memory/3212-3173-0x000000001E7D0000-0x000000001E810000-memory.dmp

memory/3212-3174-0x000000001F8D0000-0x000000001F95C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q5AB1QL\httpErrorPagesScripts[1]

MD5 3f57b781cb3ef114dd0b665151571b7b
SHA1 ce6a63f996df3a1cccb81720e21204b825e0238c
SHA256 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
SHA512 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 23:58

Reported

2024-05-10 00:01

Platform

win10v2004-20240508-en

Max time kernel

93s

Max time network

99s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\685c6aff44c0d4bf74e109573e7c8ab9~c5_720x720.jpg

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\685c6aff44c0d4bf74e109573e7c8ab9~c5_720x720.jpg

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 2.17.196.137:443 www.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 137.196.17.2.in-addr.arpa udp
BE 2.17.196.137:443 www.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp

Files

N/A