Malware Analysis Report

2025-01-22 09:04

Sample ID 240522-e39m3aca78
Target https://download.tt2dd.com/
Tags: redline rajab infostealer motw phishing discovery spyware stealer persistence
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral4
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://download.tt2dd.com/ was found to be: Known bad.

Malicious Activity Summary

redline rajab infostealer motw phishing discovery spyware stealer persistence

Suspicious use of NtCreateUserProcessOtherParentProcess

RedLine

RedLine payload

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Reads user/profile data of web browsers

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Blocklisted process makes network request

Adds Run key to start application

Checks for any installed AV software in registry

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Uses Volume Shadow Copy service COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Uses Volume Shadow Copy WMI provider

Modifies system certificate store

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Enumerates processes with tasklist

Suspicious use of SetWindowsHookEx

Suspicious behavior: AddClipboardFormatListener

Modifies registry class

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Runs ping.exe

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-22 04:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-22 04:29
Reported: 2024-05-22 04:33
Platform: win7-20240215-en
Max time kernel: 136s
Max time network: 232s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.tt2dd.com/

Signatures

RedLine

infostealer redline

RedLine payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A (3 identical entries)

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description | Indicator | Process | Target
N/A | https://ertytvm.xyz/?FCmkiNRLh0Y2BHeutdTwaKGo54Mfs6-xIzrmYvfqdQhHKX4B1CPNVREiawejpUG3Lo7WMuF9A8c-Mf62jtxdLuv8WekyJqrXRI | N/A | N/A

Enumerates processes with tasklist

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A (2 identical entries)

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Runs ping.exe

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (64 identical entries)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (64 identical entries)

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (32 identical entries)

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3004 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (3 identical entries)
PID 3004 wrote to memory of 2736 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (39 identical entries)
PID 3004 wrote to memory of 2644 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (3 identical entries)
PID 3004 wrote to memory of 2620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (19 identical entries)

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.tt2dd.com/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef67d9758,0x7fef67d9768,0x7fef67d9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1188,i,16311112763856086497,6717407667873126607,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1188,i,16311112763856086497,6717407667873126607,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1564 --field-trial-handle=1188,i,16311112763856086497,6717407667873126607,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1868 --field-trial-handle=1188,i,16311112763856086497,6717407667873126607,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1188,i,16311112763856086497,6717407667873126607,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1256 --field-trial-handle=1188,i,16311112763856086497,6717407667873126607,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3156 --field-trial-handle=1188,i,16311112763856086497,6717407667873126607,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=1188,i,16311112763856086497,6717407667873126607,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2664 --field-trial-handle=1188,i,16311112763856086497,6717407667873126607,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 --field-trial-handle=1188,i,16311112763856086497,6717407667873126607,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3148 --field-trial-handle=1188,i,16311112763856086497,6717407667873126607,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1572 --field-trial-handle=1188,i,16311112763856086497,6717407667873126607,131072 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\" -spe -an -ai#7zMap5843:188:7zEvent6617

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4d0

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\Setup.exe

"C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\Setup.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy Inch Inch.cmd & Inch.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 4165174

C:\Windows\SysWOW64\findstr.exe

findstr /V "TemplatesJunkFinancialBlocking" Innovation

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Locks + Marble + Irs + Ray 4165174\X

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\4165174\Infected.pif

4165174\Infected.pif 4165174\X

C:\Windows\SysWOW64\PING.EXE

ping -n 5 127.0.0.1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\4165174\RegAsm.exe

"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\4165174\RegAsm.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 download.tt2dd.com udp
US 108.178.44.242:443 download.tt2dd.com tcp
US 108.178.44.242:443 download.tt2dd.com tcp
US 8.8.8.8:53 download.hrdagadu.com udp
ID 103.147.154.182:443 download.hrdagadu.com tcp
ID 103.147.154.182:443 download.hrdagadu.com tcp
ID 103.147.154.182:443 download.hrdagadu.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 mthr.dev udp
US 172.67.186.50:443 mthr.dev tcp
US 8.8.8.8:53 lJKGaBvLUwHpnyDvqfhgyr.lJKGaBvLUwHpnyDvqfhgyr udp
UA 45.89.53.206:4663 tcp

Files

\??\pipe\crashpad_3004_ZRDDXXKQENYFZCAP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.vshost.exe.config

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b37eac40-423f-4a7a-817f-c146ebe36e86.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\Setup.exe

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Inch

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Innovation

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Changed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Beef

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Chronicles

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Smoke

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Communications

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Up

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Disclose

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Hammer

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Breakfast

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Issue

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Woods

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Reservations

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Debug

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Ebay

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Diet

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Roommate

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Specify

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Prev

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Probe

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Et

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Ml

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Ce

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Locks

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Ray

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Irs

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Marble

\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\4165174\Infected.pif

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\4165174\X

\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\4165174\RegAsm.exe

memory/1184-426-0x00000000000F0000-0x0000000000142000-memory.dmp

memory/1184-428-0x00000000000F0000-0x0000000000142000-memory.dmp

memory/1184-429-0x00000000000F0000-0x0000000000142000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Tmp69CC.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 04:29

Reported

2024-05-22 04:33

Platform

win10-20240404-en

Max time kernel

190s

Max time network

196s

Command Line

C:\Windows\Explorer.EXE

Signatures

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 1620 created 3332 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4163474\Infected.pif C:\Windows\Explorer.EXE

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw

Description Indicator Process Target
N/A https://ertytvm.xyz/?FCmkiNRLh0Y2BHeutdTwaKGo54Mfs6-xIzrmYvfqdQhHKX4B1CPNVREiawejpUG3Lo7WMuF9A8c-Mf62jtxdLuv8WekyJqrXRI N/A N/A

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608257664149366" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies system certificate store

evasion spyware trojan

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4163474\RegAsm.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4163474\RegAsm.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 4 identical rows
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4163474\Infected.pif N/A 8 identical rows
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4163474\RegAsm.exe N/A 17 identical rows

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32 identical rows (alternating with the row below)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32 identical rows (alternating with the row above)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4163474\Infected.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4163474\Infected.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4163474\Infected.pif N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2900 wrote to memory of 4924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 4948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.tt2dd.com/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8e5bd9758,0x7ff8e5bd9768,0x7ff8e5bd9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1556,i,4963695911131561850,4573324527198471403,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1556,i,4963695911131561850,4573324527198471403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1556,i,4963695911131561850,4573324527198471403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1556,i,4963695911131561850,4573324527198471403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1556,i,4963695911131561850,4573324527198471403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1556,i,4963695911131561850,4573324527198471403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1556,i,4963695911131561850,4573324527198471403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4784 --field-trial-handle=1556,i,4963695911131561850,4573324527198471403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4376 --field-trial-handle=1556,i,4963695911131561850,4573324527198471403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1556,i,4963695911131561850,4573324527198471403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1556,i,4963695911131561850,4573324527198471403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1556,i,4963695911131561850,4573324527198471403,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1556,i,4963695911131561850,4573324527198471403,131072 /prefetch:2

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\" -spe -an -ai#7zMap14082:188:7zEvent31675

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\Setup.exe

"C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\Setup.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy Inch Inch.cmd & Inch.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 4163474

C:\Windows\SysWOW64\findstr.exe

findstr /V "TemplatesJunkFinancialBlocking" Innovation

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Locks + Marble + Irs + Ray 4163474\X

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4163474\Infected.pif

4163474\Infected.pif 4163474\X

C:\Windows\SysWOW64\PING.EXE

ping -n 5 127.0.0.1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4163474\RegAsm.exe

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4163474\RegAsm.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 download.tt2dd.com udp
US 108.178.44.242:443 download.tt2dd.com tcp
US 108.178.44.242:443 download.tt2dd.com tcp
US 8.8.8.8:53 242.44.178.108.in-addr.arpa udp
US 8.8.8.8:53 download.hrdagadu.com udp
ID 103.147.154.182:443 download.hrdagadu.com tcp
ID 103.147.154.182:443 download.hrdagadu.com tcp
N/A 224.0.0.251:5353 udp
ID 103.147.154.182:443 download.hrdagadu.com udp
US 8.8.8.8:53 182.154.147.103.in-addr.arpa udp
US 8.8.8.8:53 mthr.dev udp
US 104.21.88.164:443 mthr.dev tcp
US 8.8.8.8:53 164.88.21.104.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 104.246.116.51.in-addr.arpa udp
US 8.8.8.8:53 lJKGaBvLUwHpnyDvqfhgyr.lJKGaBvLUwHpnyDvqfhgyr udp
UA 45.89.53.206:4663 tcp
US 8.8.8.8:53 206.53.89.45.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp

Files

\??\pipe\crashpad_2900_CKMSHPKMCAMXHPPL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fd9cec96c8fa329b6f51d425c17dc918
SHA1 47e2d4f1ac7ddceefa4b364510699098a6ea27df
SHA256 f238b71174eb563cf6e17b32b896937639b3b26e6241ccef11f446e87927f3b2
SHA512 ce8c780641c1d9c4fffa4d940966f2c9270adec02c33f1c3e2f45cd8ae7c47bc478308d60c0270a2353098a010ead5591457ba669d62c8a4342a7d05a676925a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c6ef865ccaa44c9dedacab9637f0cf99
SHA1 bba2d0bba8e2de1f601d12db37505e14f9d85354
SHA256 d440043fd6223acc44dec08d6d80124c8f6fba26bb30827671b7f20b7f0b4bfc
SHA512 2a5e96ad9e58d9df60d5bcc6da1d245d54ec982af3f65cc5805e0ce080729d39840ba486e9b6f01bf2e87eef93ed691e1d3796723a5ce6538af040bfbb3075c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ca67032e03f8f016dca8aaff99e68f1d
SHA1 b7b16554e3a96755ad1cfec98df83efd3264586b
SHA256 4723da1f1d77608120c1022ae2105785e7018be2595162e4bda3d1e6251b1ea2
SHA512 2eb402a2cdd816aff0b792dd33e74e605ab610e54a446ba3c708cc904893d11dbf7f4a0e7957b06ab077128ca013c9052791ccfe823cbb3d9133bf04a4fd3cbd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 99055a278837477e84762b596b4537d8
SHA1 1b043c736ee2eb7f8d1e9b33cb09cc7d71883033
SHA256 7de48caef680090b00ba47df77906cda4b4e69dda1480d9db801ca5e8ee2b252
SHA512 1b2567e93f43d5f70196293842e479b10cde8dc3d53b6167d39e7fb57efb6696606a7963702b5958ac7272ddc10c1093c5e409817a658c1c336f62052479ec95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d0f1cbd02fec2610c223b245d34f69c4
SHA1 099720621c4798a9191403ed55b6c59c9c18a7d8
SHA256 11fd0ae633d6218829d39a5efa2992139601e25d5b7f2ba590f1d2197511aece
SHA512 b28ac0dbae7deacf6a34ac2fdb446cce329e2655d750a5b86e2640c94a30df18f869bbd565d937d88a9f2527b4dc1433562a06f387991d96a6a51aba8e6a45c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3510e60e8144eced3f8c8278064de36e
SHA1 a35e9067ace3f243f5bd274453b255506a4a0015
SHA256 bac6d3d949c15b2c1e00c073adbab2e51d6d5e4851c93428cc252a6f811b435e
SHA512 114a35350f641fa7b08899c0d18dbd8aa053daa5662584de95c7752f9e71a3b150f560704a9c50995b1f9096367c17cd1e001ce49c2b14db76f27cff7c3754b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4abb015593b00ba6ce29a273358777df
SHA1 ee5a31ee4aa0d8aff24e07e0cd9f7a0b47afc817
SHA256 374b950c4df0ec0551329de883031c225a16453f25c92052c839fbfb0a28cb06
SHA512 44ab68f957fdece45d109a43967365698314f7b8eb8a58466d9d42768077490f80e4086a52d6abf5423b46c340af9efc5ed87af75a68c84b841f719f98351fdf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a97b40a087dd4b30779a0c040122a0db
SHA1 0fd876b0518a13247fdf9f34f8d0012951b0ef21
SHA256 79773b8e3ae170388ffc9f2e8acc2f089ae5b5a10a044027256b8e17e11ab44b
SHA512 f143d54e93567928fb352a8274b74805902eee29765fd4ee8ce0d8c079636e2c1f17f87af512f2ea6ffe0ea77a7ec710dcf40884f0c01d5188741c407df0aebf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 e742b7a15e31c2ed05eda328422bffa7
SHA1 89ab832963bddaaa7fc37920f6592a1fd4007f9d
SHA256 f1f73905c64645f3b9494cbf44838c8350d073b68612684ef72f7c175614936c
SHA512 6a6197cd2f536d3cb9bc9d562c58c00b098dafbdaf01cfced3a1740057c965cc5e6d7f6b7063b1db77f0370f7287882f9d6594211dc5ec3e80ea52fe2144dd30

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585213.TMP

MD5 b80a56a840bf6ed61a509986c1145bc5
SHA1 d0f92ca2b5a93160858ff2765008d5f3a5cc2980
SHA256 496f91d69a4e2909bc6536277ad2cc975a6c915ac059e295ebb28dbd02aa9ea4
SHA512 403ad0057a87bd778a92bfc57a463c9e2c586698efedc7add951476080c134d6ce12db1bc5e9ee52d6993afd3183c5989d8645fbb115dfe90db1571644c1ac84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ee5113aaae402f5ba3e5591358692ee4
SHA1 52c0ef32bcc816b9d44e4639587405c22680b579
SHA256 38fd49e3c94882d05267d75fc14c7d820dbb2f20aefeeb8ae47bdaa23f4b79b3
SHA512 04d2a24f94ecc0f6f7d7d0ee1b248295c4e1865839be146abb1bb845c090aa9176ae9797a3aaaecf71e859959dce99ad09246dd80b9435a0d6db00e87baca8c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 896b774f6353a47a93e4c385a2b2c0b2
SHA1 b5705c3460678f42ee08241e44722b6239e77715
SHA256 3da750ec19a2592ed641508297a139eba517047177d388b6e00a973a2fbc11a9
SHA512 611c5ac4b2633dcf9d529dbecf5f763a1bbd4f6b0f78df20db395f624f63c3cacabc6242a869ddb1d07112247d07226b2865993baed4c9144dbb8468b23f7df4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 3d6b36314f2317aebfe06e5c34ed7055
SHA1 0c796fd5044460a0c23ca2655e4d6f127fafc0a5
SHA256 7f2264ced528c3d3c38e7ecfdefd6287fdb4a2cc587b15df27b23e893cb8e758
SHA512 28336e25fca0645740a9bcaf21b76569db3991ef06da08d8cd35d1265e2a9298ba8022c45781a8a1607429e656074a2b782726357c89fe25a81d85d6ae747b40

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.vshost.exe.config

MD5 28960c034283c54b6f70673f77fd07fa
SHA1 914b9e3f9557072ea35ec5725d046b825ef8b918
SHA256 8d65429e0b2a82c11d3edc4ea04ed200aedfea1d7ef8b984e88a8e97cff54770
SHA512 d30dd93457a306d737aac32c0944880517ed4c3e8f2d1650ffca6c1d98e892082b41b40fb89ccf75d5f03d2464b0b4f943cd4b082071f0abfe978d149bd61479

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\Setup.exe

MD5 94e7e5e1cee055f9ac963b7650d5d8bd
SHA1 f18a89aa7fa97135b1214e31f2c79877d2a04284
SHA256 94fa692514c48c66ade5a1a90d07b4114272faf810801efa472b803c49231ad3
SHA512 13f1eeb4788bf868e126e840645f7096c613d748318958116eb3cbfc44dd5876b024b85f8dfa0283921181e1ca3424c721780607480fb7a621ac4650ff6b9e99

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Innovation

MD5 a159d27c920ba255b699838eaffccddd
SHA1 07e71d8b5084395931df7acd1771b2e9609e4ebd
SHA256 105b7b26ab1b62e5d3f32bfb07fbb8f91ad3e434a41ebc55c9d4d3befa82528d
SHA512 7bb0119fa06d4b6cc214015b2f87e05e9c1f1d139d7c85089c28a3ed36254d41dfb4ab8b19e471424f6d487159e497f5488bd8607d005402ed0820fbbdc0225d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Locks

MD5 1659a7eb3dba9d9143f98def92dbbb88
SHA1 3338d23d47256b6c4bd475bd953dcb7b6de13f87
SHA256 8271297087605f98d4351eff05198533a63924f7b666754b85894392aa9327dc
SHA512 c473fc5b74a1877e29f2e904955bd1bb270932cb40148c25c49d5dd7f6d1932a1e70692083176c00eea82adc73e3bac860847bce7bab5d1ce1ed259415fd795f


Analysis: behavioral3

Detonation Overview

Submitted

2024-05-22 04:29

Reported

2024-05-22 04:33

Platform

win10v2004-20240226-en

Max time kernel

255s

Max time network

263s

Command Line

C:\Windows\Explorer.EXE

Signatures

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 1360 created 3360 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4164384\Infected.pif C:\Windows\Explorer.EXE

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\Setup.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608257720821626" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies system certificate store

evasion spyware trojan

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4164384\RegAsm.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064\Blob = 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 C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4164384\RegAsm.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4164384\Infected.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4166384\Infected.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4164384\RegAsm.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4164384\Infected.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4166384\Infected.pif N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3148 wrote to memory of 1900 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3148 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3148 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3148 wrote to memory of 4704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.tt2dd.com/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae9d69758,0x7ffae9d69768,0x7ffae9d69778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1872,i,4931932117149217809,16026523109890597456,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1872,i,4931932117149217809,16026523109890597456,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1872,i,4931932117149217809,16026523109890597456,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1872,i,4931932117149217809,16026523109890597456,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3308 --field-trial-handle=1872,i,4931932117149217809,16026523109890597456,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1872,i,4931932117149217809,16026523109890597456,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1872,i,4931932117149217809,16026523109890597456,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4052 --field-trial-handle=1872,i,4931932117149217809,16026523109890597456,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3304 --field-trial-handle=1872,i,4931932117149217809,16026523109890597456,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3988 --field-trial-handle=1872,i,4931932117149217809,16026523109890597456,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4256 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1744 --field-trial-handle=1872,i,4931932117149217809,16026523109890597456,131072 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982.rar"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2456 --field-trial-handle=1872,i,4931932117149217809,16026523109890597456,131072 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\" -spe -an -ai#7zMap32369:188:7zEvent3213

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\Setup.exe

"C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\Setup.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy Inch Inch.cmd & Inch.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 4164384

C:\Windows\SysWOW64\findstr.exe

findstr /V "TemplatesJunkFinancialBlocking" Innovation

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Locks + Marble + Irs + Ray 4164384\X

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4164384\Infected.pif

4164384\Infected.pif 4164384\X

C:\Windows\SysWOW64\PING.EXE

ping -n 5 127.0.0.1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4164384\RegAsm.exe

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4164384\RegAsm.exe

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\Setup.exe

"C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\Setup.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy Inch Inch.cmd & Inch.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 4166384

C:\Windows\SysWOW64\findstr.exe

findstr /V "TemplatesJunkFinancialBlocking" Innovation

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Locks + Marble + Irs + Ray 4166384\X

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4166384\Infected.pif

4166384\Infected.pif 4166384\X

C:\Windows\SysWOW64\PING.EXE

ping -n 5 127.0.0.1

Network

Country Destination Domain Proto
US 8.8.8.8:53 download.tt2dd.com udp
US 108.178.44.242:443 download.tt2dd.com tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 108.178.44.242:443 download.tt2dd.com tcp
US 8.8.8.8:53 242.44.178.108.in-addr.arpa udp
US 8.8.8.8:53 download.hrdagadu.com udp
ID 103.147.154.182:443 download.hrdagadu.com tcp
ID 103.147.154.182:443 download.hrdagadu.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 182.154.147.103.in-addr.arpa udp
ID 103.147.154.182:443 download.hrdagadu.com udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 mthr.dev udp
US 172.67.186.50:443 mthr.dev tcp
US 8.8.8.8:53 50.186.67.172.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 104.246.116.51.in-addr.arpa udp
US 8.8.8.8:53 lJKGaBvLUwHpnyDvqfhgyr.lJKGaBvLUwHpnyDvqfhgyr udp
US 8.8.8.8:53 lJKGaBvLUwHpnyDvqfhgyr.lJKGaBvLUwHpnyDvqfhgyr udp
UA 45.89.53.206:4663 tcp
US 8.8.8.8:53 206.53.89.45.in-addr.arpa udp

Files

\??\pipe\crashpad_3148_VXHNUNBIDEAWCMVS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\43aab91f-483a-447b-b8b8-52cf1488d092.tmp

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c2a808b4bf3268385600ae6a11ebfcde
SHA1 daf53d90f4acd207f17964269fde57a99f862ffe
SHA256 806e26ed858192f2c5ddf4e146cc7a9b03a4f00e5d85e99b9f416c315af33188
SHA512 5be861af97ad6e643976834a848818c6e69341f0413d7b2e5a2432a4188a1746f008d0a809a10f1b5a6aae018da0e3a40e27412d103c5662d22ee4cc5f8b1838

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4a92a7f1c2ccc7da22e90fc9afc7c7e7
SHA1 8201b99633ad7126a06228250184b0517fc892f6
SHA256 adf4521b4585d189d81d4423f124d942adfec1cb26cbce0c1fde019741f0be6b
SHA512 c1a61e88a0e08410fd4096901301fd48211dfee93c5b5219122ee3fc2f0ef939376bcebef90d3b841b918af8f06882474c82440590058d99f56ed8ad1433620c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 74dbc30a6c7a79a5122ad42efc41e7ce
SHA1 5269ded641d2b1fd1401e172aee21550ee558504
SHA256 a7bc7c6bdf348dcf05a661253ee0bdff8ea1afc757ff79c4648824a9335fd7e3
SHA512 1d48f43093a535d50afa49aac5c52fc55036adc2732e5b0bc2f3528c06dadc255f67516be40fb38b862975910a7ac3553e5429c37ab85ee62c8b4c7387f1f518

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 24030d61ea486eeef6ef5ed05e51b86a
SHA1 c803a043f896cf99023efc3db04cc384cc2c29f0
SHA256 195350bfcc5a46a5b92b6c145cbcb7868d002660f2bab2e3c0ff727f81619e54
SHA512 619147e3c19daee56d462c4494a2775e0b45068d9ce556efe72547afe31c8677903e40115c1cc655a38ace72caafe0e560a428bbb7e93e3cb9ca4a62ab2c2e53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9e93dbed1a766fe5021f3c2072da4463
SHA1 c44a81e84413192b4b30abe6c4cbe7b80e8dcb21
SHA256 c4c352720dd2911188d597bd968e7ade176119a88bec16ba014538df8e438fbd
SHA512 b61646d6f4ad38bf60a42bc918d216ae52f81901642ca88385fd5f0146107df2862edcc8a81c7dcf56c48362cc2b36d04bd8c22d391f6c21de5527dcc390d676

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f9f4bfd45052747b249a710144e01b64
SHA1 dee0be0cd351938627f028148a4f46a381cf38f5
SHA256 762476a045e7aa258055dd2b09c70ad6b9800f1a4a76c2eecc812bb3cc586d7e
SHA512 fa7718dedf13d70e168d65cabb4f85f497059551626d405580994cc8bda0b240a3f97daf5a11fa52c025f691ffb5374a8f3eb8a4f1a2270ab2af0506d31a02da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8a5bf46b1ef0abe2281d3e5fca35efad
SHA1 ac5d1e51c089a599fe851507f79527a20e27a24a
SHA256 13ed0f7b5adec8b30a28f1ac8987e7f624de5089247268e85e96f6d38831b211
SHA512 34c9fd8470c1f78e39ae9636ee7eeb333ee440bd86dd959c8116865d08d3ab46712f80e25fd8a5cee15de076a5818d8e5365b33805d21dd5c7b0973fb66c4cb7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e7ecd2f3f0d0d26e8dd7d4ccd5d08be1
SHA1 44cef373b6b258f09aa23a4073ce99387bc7e181
SHA256 a478d8006a97eb4cc9ac26c9609b92b21b545e1a79808fba47b66e2675be0f6a
SHA512 37c2cdbf73ee4a7ba89aa151f5e9335584a342c833190e50aec2cd3ce855e4cf6ce61b0f726c6415c0adaf184db28b4efab084f7090f9e09b28fdf88964af8ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 81f0226eeabeb6907d71d99be8b1af52
SHA1 ebd7b4ad7866e71aaaf1e7c0ec23190ff98cbc4c
SHA256 37e354e84de4a6dc46337d8b9be63a6531eeebfaa8524a0963da4d9ed720af8e
SHA512 fa02f3562788f180eb3de854e5374b331ef78b97822cdc503dce0a11c4f14c0d4b60bc08a793997c00169fa0f371b03a5e9507fcd833c9a4f74a241d1048873d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59ae28.TMP

MD5 faa003eafc8c15245745c4f5f23aaa57
SHA1 86a513bc84e5cbfa6c100086606c93464bac6a8d
SHA256 fbc43c55ad556e32b552fdb77279d3a3abcb7904ac83f8cef7e01ba3d02d01fb
SHA512 876fa26d3a867c107b7183267d8fa035078ab2bdebfe44c0f192a92e378612e8e0ca76b83bcd375fd1d67de94b8471c6cfe37f4257adef177a71f0f943d1cd56

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 088490e6e5508c71eec96367bfd77fae
SHA1 2d97ed1ed9bb27420a9ca244b21eddca1891f877
SHA256 8ee428281e789d12f6bdafbab42226821293f3204c0aeabfb57e618a940a7f3f
SHA512 e39ba6ac2e5e87a6cc7846b0c5394c422c5553bfced628b2dce5eb470f8d8479022cbad349738deb0069f7f2810b813f0b68fd1544b12e943bdbdd3eb19fc401

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.vshost.exe.config

MD5 28960c034283c54b6f70673f77fd07fa
SHA1 914b9e3f9557072ea35ec5725d046b825ef8b918
SHA256 8d65429e0b2a82c11d3edc4ea04ed200aedfea1d7ef8b984e88a8e97cff54770
SHA512 d30dd93457a306d737aac32c0944880517ed4c3e8f2d1650ffca6c1d98e892082b41b40fb89ccf75d5f03d2464b0b4f943cd4b082071f0abfe978d149bd61479

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\Setup.exe

MD5 94e7e5e1cee055f9ac963b7650d5d8bd
SHA1 f18a89aa7fa97135b1214e31f2c79877d2a04284
SHA256 94fa692514c48c66ade5a1a90d07b4114272faf810801efa472b803c49231ad3
SHA512 13f1eeb4788bf868e126e840645f7096c613d748318958116eb3cbfc44dd5876b024b85f8dfa0283921181e1ca3424c721780607480fb7a621ac4650ff6b9e99

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Inch

MD5 c5ee4dcc9184a60b60f76481af4529b7
SHA1 7bbac90ca2bec5b295fed1c845dbec6ffddb727f
SHA256 7863ead1f7df1a80fc847a1751d02d99700714b9a4848401028bc7d36c4ba0d0
SHA512 c8cc6005194b041381a20ab0f02f7b35148fbf04c9b1b32d36dc4fa3aabfa5cc0f2db12163cb727ce48bb4db72fdf31a0e676045306cd72b9f6c625c1fad24d6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Innovation

MD5 a159d27c920ba255b699838eaffccddd
SHA1 07e71d8b5084395931df7acd1771b2e9609e4ebd
SHA256 105b7b26ab1b62e5d3f32bfb07fbb8f91ad3e434a41ebc55c9d4d3befa82528d
SHA512 7bb0119fa06d4b6cc214015b2f87e05e9c1f1d139d7c85089c28a3ed36254d41dfb4ab8b19e471424f6d487159e497f5488bd8607d005402ed0820fbbdc0225d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ce

MD5 49fb14a076bcafc86abdbc27ebafe16a
SHA1 65ee937829f08d102962d6e3922eeaea2c84c069
SHA256 9d5aed42fcd6d3d8951bb96670834267e810f84b34860e3bf351afca28e3afb1
SHA512 5dbdccd64410a36dcaabb0bdb793e6123dc61bb32ac316644df394ba4c8ab147a027c38e8f819593b689189852c1436520866afa90d1f9b6b18398060610427c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ml

MD5 edbf126b0d7e08948d224a05c9f95c99
SHA1 3669fba40d2ae16eaad5b6f35c92316d478e6d62
SHA256 8ded4af5019a2a1bc87ac8b309ba3de6595ea545cc654430804bb67ae1c38ea3
SHA512 fa75adb54353b5ae83ca072a941fb40d6efc19444e28e425e71692e7801eb9070be8967634c22148f0691743edd878605eee08867797142df1ac9c8c7f8a16ec

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Et

MD5 af2e88cb701298b419c76ac6e2d29138
SHA1 bf164d6fc81cbdf1350dc4cd12326a207ce26987
SHA256 02bea5cbe6052966fab2a8777c7be1927f70c57c57e64c46163288345e31ca80
SHA512 06c9d449eaebadd21a30f6960b6f3fe989f4316dc6119acbb5366624575d9cc7cac16d6825a08b286fedeb4cdf134e469f91e23e895833bb254c7bca60d7724e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Probe

MD5 227f0c2bb7513cb9549bf64d7a9b78ea
SHA1 0a9b1a053fc2a69b263a47f4b91943f60ba33ab4
SHA256 09b0812cf3a6232db410a32a7f288d2a2af53116475bd84c00cee02413798ada
SHA512 4a9180ee4eea8519cec3d082183da51aec4a0a0f1b71c1c19266056c400682a9c6bbe24b03ccc897690dc41007bdd9ab7ff3366f049ac1ab647acba9c39a12eb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Prev

MD5 b38311b401517c75f606fa819430d170
SHA1 d9ed5c00db2c4c81a86602e9e66066788d87ce9a
SHA256 f4668ab86a62ae276fb3e9f0940e4a0b0456ff308b552f6e162795dd0e36b704
SHA512 5152bf7bc3eee603784dce61ee9ddd5ef9903fc6219e3052b96f7f0652133e50473ee25da4c85672a67ec3d47ab9bfb4e295a9a4c2a6f60019dfc01c65c9f3c3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Specify

MD5 e8a0490f31dbef2d3167b57713023d79
SHA1 7856a4a2f9493d0d519700d30935f834c1c0f81a
SHA256 367162d6b910ab48099fcaeb0b15d5b2acdefe995607ffd0bdd3d2f5d5b0f2ad
SHA512 0f89df4ba61ed14b6ef1774cf8a96974b2220cc7c782451818d2395e111d6da7283c9fd2e95589a4d4f644c87ac8efa77ae9f41a17be547a8cf94bcf04e16c01

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Roommate

MD5 ad4997c14c040ff7fac72a295d80e7c2
SHA1 d4ac36b2f27ff097e90a2ebe8178ffdb238e022e
SHA256 3713b88f240265d95a532172bd41471c624126826a6176363e5256e1303bc234
SHA512 ef71df08a3b04942390976d721a175bc77365c6f725e82df102ef0d2b9a9a6f1ded8ed66f31e159f97dffe1a468413ba371883ff3e32def1f102bcd0112f71d6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Diet

MD5 8f80a990e34a018bf985ae5ee6880892
SHA1 9ea1c5555d63159d73331044cd2466002bb4b0ae
SHA256 9c4e2822f78488e9ce0e471944802feb840ae2aac1dd70dd0b38e69d06bb9462
SHA512 2e85af9e4e3b499a8577fa51c302a2a3df10bcf03650c68e6be82f6108ed0e9f5523abcd86f9ce8fcf6fc5ef7e5e9df5588e5b2f4ac1472dc006f22176a2e32a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ebay

MD5 ca0e475fb526f9bd88952e61eea23458
SHA1 aba4f6086c5f9f956059229428ab5809da1c8251
SHA256 042b18a9ccd495da456a3bbda195a91fadb37488fa3f24abe3f2a3bcc8fc500f
SHA512 a375461c6c5326a584476cf1228e0d7ec28d5e45d1af8e12a208336c4cec33885f2b668a2351d53be134aab6089c4f90b067920cb2638cd21ff7e54e073b690d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Debug

MD5 3878f94befdeddeed4508cc91d30b775
SHA1 25dd781cba90168310653663767f51b82eae189a
SHA256 139c7c899303807f4c674d4ed2acab9043e470f3aec1598bc62f77348a3bafe5
SHA512 f12390ee74eb18557b2dfb4ea92f0875df945bd454c7b8304c5523df92ef53bb39fbb127044db29d5015e3ff5d2dedb4a2a69fe05a34be2b7200c969869d9904

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Reservations

MD5 03bbac1012dc934a35d46a76a50e08ca
SHA1 a5e30a19cf6158349cae5731c35c35074dab14e9
SHA256 48eae157cbce36131cd2bdb12783c54830cfd41adf64b79bf667f71bab318b72
SHA512 c8b80dfd1a0f56634c9dad9cb09672eabcfe448f7270a783724623ae08c87f2948409865e3a53c8a464ea88f51777cb037421d9112b5c3954b242bf28aa25f52

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Woods

MD5 44814f258e71a515115ee6b5b8288d50
SHA1 a8457825e68aed5813384a763163dafdec3502d0
SHA256 29c65d8353f89236340327b3b406712f7bc167c3004c8c68ccd20cde1bc1bc35
SHA512 21afd05cdc279e459ade9343aa5e6b78bfd097bd6bc34963421c457d131fae4efb33117258d78c1fb2043df627cee9f4db60de4427c9599c8b2ced42470acebb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Issue

MD5 c2a3acd5ffb5894a56f6d3546d5f9e57
SHA1 76c605744596cd2ece89fb6b7a6ab02379379eff
SHA256 f2bfdcb7a8fe95b531c796bd581258b9b61d1fbe815311f6dc2a633b0f80d8e9
SHA512 681ce12931591165b40bd46235bcb9d2fd2913aa9f3841d3d0b51c1276d951b85b30b50c0d92437191fc79522aba017c56849fa35826e71387401a716c6c01da

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Breakfast

MD5 099088c7bdbeb6b0c025727492dd71cc
SHA1 3b186caff335362dacaf494a37f5c0bd8a42d5a8
SHA256 20883cfb559483c21725fbbc28934ddfe1a2bd9d3889fc0b2a925d41638c818d
SHA512 8897621fbcf8aec2409704dfa419edaff7a4321e2d5b0e7ecb47a1025fc3f8bcf1ea0a0e2ffa8bcdff13197fc427de395601607e8fa400e07d8c4f759173e46d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Hammer

MD5 a594248941cb800e60aa32730e5afb2f
SHA1 b0f9230e670211942c750d3c68b148e2164947d1
SHA256 0df59af13668eca5be679c3e3a3da05185a59b2fd9778f2aecf3a3f353b9616d
SHA512 44923dcfbe8769895fa1be73bececefda9f78bfd40c18f0a44427225297f3edf28718becce133b0c883bd5f878bba82ccc0f658982eb187dd810ab2f43a53b2d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Disclose

MD5 11a09faaee7bc02ace390631b890021c
SHA1 fdd4a531a3be3eba5555ea9cfe9007dda09487a0
SHA256 ab4df3d0689cf6deb9baf90f7265d3465071a6e5b2d243a637d5ee49e997faa1
SHA512 4a72289d0147e065baa8f1d325c242bb8d7996c080a71e9053d3f1a7a7e2bcc9d5d2e04603f32d85ae34f8d903de762bab421917d78f87888cbec2b04185d773

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Up

MD5 44c2a2e9389c9670587e7738cc481612
SHA1 dacec904f8f08948270f85b6496d2d0d9a291766
SHA256 4e6c972ee2bed1fb9953db12ff17d4e2b9bb3dee64362d9d182aa492e566f08e
SHA512 dfd35d87a4fb63971f6b07e3f60f387809563486a5373dd7af20a8e5245f9ea0d429837ff2ce3e9015c00036a992c1dbf0447971f192bf6e60bb51dbf14a0d94

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Communications

MD5 a78d9f9007458dad6a6288b823c02308
SHA1 6301c74ed457ea40b1f51cbd936213413db64c73
SHA256 d2410da2189f66692da2d44eb27900089b99f6433d5dbad7487a2dcaeeae5b2a
SHA512 886dd057ee869a6cdd75f7a57e3ac97ea9366d5aeae03ca7407d035d02b8eac8795122ee5a4827f8a566bdca29ad37e84e48fa1b4e14e16d8bb465cba0c9c6bc

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Smoke

MD5 a6f632d877e85b03e384d505ea5eb42a
SHA1 2482da9e439923377d00bf481bafcb14a2fcac3b
SHA256 1b462e05740e262a67885186c277495de523d66ccfa216c2995f9209ad250b2d
SHA512 b29a73018c6029ce9cedd366d3307e351d03462d4f2dcaf9316b34e20d9d833b262f3a0cdb0741468f97599c171b25c016819be39ddbade4d3ef28ff340bcbf8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Chronicles

MD5 cccfe820790a18ad637c8c48190a07ab
SHA1 2860eeb3aad76c4de98251c643b097452f2adbe4
SHA256 e76044935d27539fe765cf0f38d62699736b8bfc9e1f9abb4dc9db3a325308a7
SHA512 e518668dea9e6d40bf51781792a85322b0119f67eb905f1064b8b08569413460598e1cf6a31e95eddf7500e315f082b37f55e91455dd91257a08daa5c6de3200

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Beef

MD5 654f7945c1c6e8cf978cccce420e373b
SHA1 5e53a3e35f09ca36692a566a0735a398e1e541c8
SHA256 b56604fbe129b7f4c4ed303747f006541a46c0194871c92edac85bef7a192189
SHA512 ae05c90eaa2580db92c102f0de514a0226504d3679eb7ec3be6b01a5f7e8f704a5411370c588b8fc92aa930e699abad3ff6b3c9869c88a9370b72096e8703ab0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Changed

MD5 d9f09a4c8c1043afcfc246936564ee01
SHA1 169d6920213f5b8f3cd1cb576170e9ff6344fad0
SHA256 e672668d0fa0efc8952e4ff1f9437a5281827f0c16fe6e02a6792ba0e40b5b3e
SHA512 ef054d017fb61b32bb3fba7293173694c449cbf29d87830419fa1af27f6ec2da3dba6e72e8c7d88bb784bd8297606a05bfc039ca490a47978ec99731ee98c71a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Locks

MD5 1659a7eb3dba9d9143f98def92dbbb88
SHA1 3338d23d47256b6c4bd475bd953dcb7b6de13f87
SHA256 8271297087605f98d4351eff05198533a63924f7b666754b85894392aa9327dc
SHA512 c473fc5b74a1877e29f2e904955bd1bb270932cb40148c25c49d5dd7f6d1932a1e70692083176c00eea82adc73e3bac860847bce7bab5d1ce1ed259415fd795f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Marble

MD5 955750a52c9c524e3b1df558e4e598e1
SHA1 6362a9a195fc6446cedb85ecc8df0ba82a9a40b9
SHA256 f233ec33624377ac70388bd8738bab20538b7f8cae46dd1e8bfaf3c87014580f
SHA512 1d7e2fa136a618deffa215fec63b24ca1918c0d2f467c28572a6907e1cedc2c9356536ee111f9d9e0f917d5e38f3322cfcbb0d590c94a526fd9a98e3057b188a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Irs

MD5 cdbf87ed2611759361edcf2d1c36cb8d
SHA1 fde07776b66674be84f7e112b080c4b20a6972cb
SHA256 4a2afbcbf160bf24e04c3b9aa72267ffe589a7126aedad36e8fd22126fb79ffd
SHA512 e1b1faec18c602f5d89c64488c148ba943dbfb014e4e2f030a00830d032c58ba95f79d135c39a4cf7346dd815f1996a8f863642f96f37ec9745dd46f42b6e32e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ray

MD5 15b3c47ee4220a1317285551dc46df3b
SHA1 ecccbd8d0bc7616f30548bcee6179da004f64553
SHA256 9be2db11436373cbd4dabb4664297a0814ffa18be3a9637de1b583adb863ba79
SHA512 9859bda25d9eed059d9ac27d091dffcb63a1ea7a37c2dc3b7a7c8006d65e64414367021c97b4c27f1de2dd021f125d7e6451dcd07a497a05c0e0150c6f56d4d3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4164384\Infected.pif

MD5 b06e67f9767e5023892d9698703ad098
SHA1 acc07666f4c1d4461d3e1c263cf6a194a8dd1544
SHA256 8498900e57a490404e7ec4d8159bee29aed5852ae88bd484141780eaadb727bb
SHA512 7972c78acebdd86c57d879c12cb407120155a24a52fda23ddb7d9e181dd59dac1eb74f327817adbc364d37c8dc704f8236f3539b4d3ee5a022814924a1616943

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4164384\X

MD5 564fcef4278786869d9e7f8606d17f47
SHA1 d36470b9a08322aa27014fc9ae97a69829ae4d54
SHA256 7ecd3748e97c574c643cad0722725983ac377a780f8e5442c383ce7a3b2205bc
SHA512 983ebba8851235fbfe515aa9b4156eca079914bb9c126d5f31c592bcb0025d26c54e2fd50b9f153b9eb687b0cae4361aedee61634004296680d5d454ad0022e0

memory/2252-397-0x0000000000790000-0x00000000007E2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4164384\RegAsm.exe

MD5 0d5df43af2916f47d00c1573797c1a13
SHA1 230ab5559e806574d26b4c20847c368ed55483b0
SHA256 c066aee7aa3aa83f763ebc5541daa266ed6c648fbffcde0d836a13b221bb2adc
SHA512 f96cf9e1890746b12daf839a6d0f16f062b72c1b8a40439f96583f242980f10f867720232a6fa0f7d4d7ac0a7a6143981a5a130d6417ea98b181447134c7cfe2

memory/2252-400-0x00000000056C0000-0x0000000005C64000-memory.dmp

memory/2252-401-0x00000000051B0000-0x0000000005242000-memory.dmp

memory/2252-402-0x0000000005160000-0x000000000516A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Tmp6454.tmp

MD5 1420d30f964eac2c85b2ccfe968eebce
SHA1 bdf9a6876578a3e38079c4f8cf5d6c79687ad750
SHA256 f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9
SHA512 6fcb6ce148e1e246d6805502d4914595957061946751656567a5013d96033dd1769a22a87c45821e7542cde533450e41182cee898cd2ccf911c91bc4822371a8

memory/2252-448-0x0000000005DF0000-0x0000000005E66000-memory.dmp

memory/2252-525-0x0000000006440000-0x000000000645E000-memory.dmp

memory/2252-589-0x0000000006B80000-0x0000000007198000-memory.dmp

memory/2252-590-0x00000000066D0000-0x00000000067DA000-memory.dmp

memory/2252-591-0x0000000006610000-0x0000000006622000-memory.dmp

memory/2252-592-0x0000000006670000-0x00000000066AC000-memory.dmp

memory/2252-593-0x00000000067E0000-0x000000000682C000-memory.dmp

memory/2252-600-0x0000000006920000-0x0000000006986000-memory.dmp

memory/2252-601-0x0000000007770000-0x0000000007932000-memory.dmp

memory/2252-602-0x0000000007E70000-0x000000000839C000-memory.dmp

memory/2252-603-0x00000000076E0000-0x0000000007730000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-22 04:29

Reported

2024-05-22 04:33

Platform

win11-20240426-en

Max time kernel

239s

Max time network

225s

Command Line

C:\Windows\Explorer.EXE

Signatures

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 3760 created 3312 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\Infected.pif C:\Windows\Explorer.EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
N/A N/A C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
N/A N/A C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
N/A N/A C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Endpoint Manager = "C:\\Program Files (x86)\\ITarian\\Endpoint Manager\\ITSMAgent.exe" C:\Windows\system32\msiexec.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\msiexec.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Esm C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Esm C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Esm C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Esm\ C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Esm\RemovalSecurity C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\COMODO\CIS\Esm\RemovalSecurity C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw

Description Indicator Process Target
N/A https://ertytvm.xyz/?FCmkiNRLh0Y2BHeutdTwaKGo54Mfs6-xIzrmYvfqdQhHKX4B1CPNVREiawejpUG3Lo7WMuF9A8c-Mf62jtxdLuv8WekyJqrXRI N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416 C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416 C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E455012CBF4BA8A2AC67618C00590908 C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E455012CBF4BA8A2AC67618C00590908 C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\copy.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\msgs\sl.msg C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\RmmServiceInstaller.log C:\Program Files (x86)\ITarian\Endpoint Manager\RmmService.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\mhlib.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\site-packages\gyp-0.1-py2.7.egg\gyp\generator\eclipse.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\tzdata\Etc\GMT+12 C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tix8.4.3\demos\bitmaps\combobox.xbm C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tk8.5\demos\license.terms C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\msgs\sw.msg C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\tzdata\America\Resolute C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\tzdata\Jamaica C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\DLLs\_tkinter.pyd C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\cookielib.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\lib-tk\Dialog.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\site-packages\pip-7.1.2.dist-info\entry_points.txt C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\site-packages\pip\commands\install.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\tzdata\Pacific\Tahiti C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\compiler\syntax.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\idlelib\RemoteObjectBrowser.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tk8.5\ttk\clamTheme.tcl C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\tzdata\Antarctica\McMurdo C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tix8.4.3\pref\WmDefault.txt C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\xmllib.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\d3dcompiler_47.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\ensurepip\_bundled\setuptools-18.2-py2.py3-none-any.whl C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\site-packages\pip\pep425tags.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\encoding\cp936.enc C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\tzdata\America\Curacao C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tix8.4.3\demos\samples\STList2.tcl C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tk8.5\demos\tclIndex C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\encodings\cp437.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\lib2to3\fixes\fix_buffer.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\site-packages\pip\commands\search.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\site-packages\pip\_vendor\requests\packages\urllib3\response.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\tzdata\Australia\North C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\site-packages\pip\_vendor\html5lib\inputstream.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\encoding\iso8859-5.enc C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\tzdata\Brazil\DeNoronha C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tix8.4.3\demos\bitmaps\harddisk.xbm C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\tzdata\Mexico C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\tzdata\America\Kentucky\Monticello C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\tzdata\America\St_Thomas C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tix8.4.3\bitmaps\minusarm.gif C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\linecache.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\site-packages\pip\_vendor\requests\packages\chardet\hebrewprober.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\tzdata\America\Curacao C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\tzdata\Antarctica\Syowa C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\_MozillaCookieJar.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\concrt140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\SimpleHTTPServer.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\site-packages\pip\_vendor\requests\packages\urllib3\util\response.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\tzdata\America\Creston C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\tzdata\Indian\Christmas C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\sre_compile.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8.5\tzdata\Europe\Belfast C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tix8.4.3\TList.tcl C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\idlelib\GrepDialog.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tk8.5\tk.tcl C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\encodings\bz2_codec.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\multiprocessing\managers.py C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tix8.4.3\bitmaps\tick.xbm C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File created C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\idlelib\config-extensions.def C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tk8.5\images C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
File opened for modification C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\tcl8\8.5\msgcat-1.5.2.tm C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSIEEF1.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF2C27550CBACB76D8.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e58e9d0.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF58C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF07DC23815E37794A.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEF02.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF4E0.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{CA6B5E30-616B-4A5E-BC20-52629865CC0A}\icon.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{CA6B5E30-616B-4A5E-BC20-52629865CC0A}\icon.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e58e9ce.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEC30.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFF42.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\wix{CA6B5E30-616B-4A5E-BC20-52629865CC0A}.SchedServiceConfig.rmi C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Windows\Installer\SourceHash{CA6B5E30-616B-4A5E-BC20-52629865CC0A} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEF22.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6B5.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF3BF5E65D7C236242.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFA74AB31DEBDFB007.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e58e9ce.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIECAE.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = (binary value omitted) C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\40CEF3046C916ED7AE557F60E76842828B51DE53\Blob = (binary value omitted) C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption" C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{289AF617-1CC3-42A6-926C-E6A863F0E3BA} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0xFFFF = 0100000000000000446a9dea00acda01 C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{35786D3C-B075-49B9-88DD-029876E11C01} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0xFFFF = 010000000000000014cc9fea00acda01 C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608257628131549" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\40CEF3046C916ED7AE557F60E76842828B51DE53 C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CDM C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\03E5B6ACB616E5A4CB0225268956CCA0 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\Version = "134527975" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\ProductIcon = "C:\\Windows\\Installer\\{CA6B5E30-616B-4A5E-BC20-52629865CC0A}\\icon.ico" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DD4D523EF099D7E42B1DBDFD40CF9061\03E5B6ACB616E5A4CB0225268956CCA0 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\Language = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDM\proxy = "false" C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\SourceList\PackageName = "em_13XP0ghe_installer_Win7-Win11_x86_x64.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\ProductName = "Endpoint Manager Communication Client" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\03E5B6ACB616E5A4CB0225268956CCA0\DefaultFeature C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DD4D523EF099D7E42B1DBDFD40CF9061 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\ProductName = "Facebook Facebook" C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\03E5B6ACB616E5A4CB0225268956CCA0\PackageCode = "DFFE6588FCABA52429605389FCB2DC8B" C:\Windows\system32\msiexec.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982.rar:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\Infected.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\Infected.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\Infected.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\Infected.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\Infected.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\Infected.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\Infected.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\Infected.pif N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\Infected.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\Infected.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\Infected.pif N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\Infected.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\Infected.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\Infected.pif N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe N/A
N/A N/A C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3880 wrote to memory of 4012 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3880 wrote to memory of 3304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3880 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3880 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.tt2dd.com/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa11abab58,0x7ffa11abab68,0x7ffa11abab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1808,i,15041923982854558463,12845051399265599010,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1808,i,15041923982854558463,12845051399265599010,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1808,i,15041923982854558463,12845051399265599010,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1808,i,15041923982854558463,12845051399265599010,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1808,i,15041923982854558463,12845051399265599010,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 --field-trial-handle=1808,i,15041923982854558463,12845051399265599010,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1808,i,15041923982854558463,12845051399265599010,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4652 --field-trial-handle=1808,i,15041923982854558463,12845051399265599010,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4456 --field-trial-handle=1808,i,15041923982854558463,12845051399265599010,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3236 --field-trial-handle=1808,i,15041923982854558463,12845051399265599010,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1808,i,15041923982854558463,12845051399265599010,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 --field-trial-handle=1808,i,15041923982854558463,12845051399265599010,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\" -spe -an -ai#7zMap26787:188:7zEvent29618

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\Setup.exe

"C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\Setup.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy Inch Inch.cmd & Inch.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 4161514

C:\Windows\SysWOW64\findstr.exe

findstr /V "TemplatesJunkFinancialBlocking" Innovation

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Locks + Marble + Irs + Ray 4161514\X

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\Infected.pif

4161514\Infected.pif 4161514\X

C:\Windows\SysWOW64\PING.EXE

ping -n 5 127.0.0.1

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe

"C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe"

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\em_13XP0ghe_installer_Win7-Win11_x86_x64.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding EC2AA232EA58AD9E587ADC69F6AD2EC4

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding EE00E4B7F1980E7F072D973160BF4556 E Global\MSI0000

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe" /C "cd "C:\Program Files (x86)\ITarian\Endpoint Manager\" && "C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe" "

C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe

"C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7ZSfx000.cmd" "

C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe

"C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe"

C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe

"C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe"

C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe

"C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe" noui

C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe

"C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files (x86)\ITarian\Endpoint Manager\RmmService.exe

"C:\Program Files (x86)\ITarian\Endpoint Manager\RmmService.exe" --start

C:\Program Files (x86)\ITarian\Endpoint Manager\RmmService.exe

"C:\Program Files (x86)\ITarian\Endpoint Manager\RmmService.exe"

C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe

"C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe" noui

C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe

"C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa0096ab58,0x7ffa0096ab68,0x7ffa0096ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1764,i,3052357495460550165,6709374565095285919,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1764,i,3052357495460550165,6709374565095285919,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1764,i,3052357495460550165,6709374565095285919,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1764,i,3052357495460550165,6709374565095285919,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1764,i,3052357495460550165,6709374565095285919,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4292 --field-trial-handle=1764,i,3052357495460550165,6709374565095285919,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4452 --field-trial-handle=1764,i,3052357495460550165,6709374565095285919,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1764,i,3052357495460550165,6709374565095285919,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1764,i,3052357495460550165,6709374565095285919,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1764,i,3052357495460550165,6709374565095285919,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1764,i,3052357495460550165,6709374565095285919,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4964 --field-trial-handle=1764,i,3052357495460550165,6709374565095285919,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 download.tt2dd.com udp
US 108.178.44.242:443 download.tt2dd.com tcp
US 108.178.44.242:443 download.tt2dd.com tcp
ID 103.147.154.182:443 download.hrdagadu.com tcp
ID 103.147.154.182:443 download.hrdagadu.com tcp
N/A 224.0.0.251:5353 N/A udp
ID 103.147.154.182:443 download.hrdagadu.com udp
US 172.67.186.50:443 mthr.dev tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
UA 45.89.53.206:4663 N/A tcp
DE 3.69.210.6:443 mdmsupport.cmdm.comodo.com tcp
N/A 127.0.0.1:20777 N/A tcp
N/A 127.0.0.1:20777 N/A tcp
US 34.228.171.143:443 quickbooks-msp.itsm-us1.comodo.com tcp
US 34.227.128.175:443 xmpp.itsm-us1.comodo.com tcp
US 52.216.33.232:443 s3.us-east-1.amazonaws.com tcp
US 34.228.171.143:443 quickbooks-msp.itsm-us1.comodo.com tcp
US 35.222.52.117:443 api.dragonplatform.net tcp
N/A 127.0.0.1:20777 N/A tcp
N/A 127.0.0.1:20777 N/A tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.187.238:443 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com tcp

Files

\??\pipe\crashpad_3880_PSBAJHOMHVLENXNP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982.rar:Zone.Identifier

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ae8f.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\530cf4e3-e23c-4d6c-bbdb-15290e7f8d2f.tmp
SHA512 0717b6c0f47d6ef4a31f8c304395f61db4d151461a9e571b3af5646ca8a8954dbab08f63e4aae915dacc1e1bfc84f88c2368c8e73815bdbc6fc3f14c8b359d0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 4c77486dd6b4954e2e3f02b587612ae8
SHA1 ded07c3c2046e9f770e73c8ccbb994d2c2591322
SHA256 014ed01cee2089bf20776218f18fe949b8bf21a962e9d5bece9f407bdb94f54f
SHA512 9c6b407746a7563f1ef48ad5c44826b7cfe4b96de15c713b870fc6f51a4317abeb7a673beb13811cdc5ce66a4b089ceaf199706cddf85445fdea5cee4a025be0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e326ade81adaf4938f10648ed7463dd3
SHA1 8a3c02ac6c57dec1e05cab96f1fd5ba8865d54ce
SHA256 b6540178815f878a91f9d42c63e01628a83fdef5b2426bb4ba28404bfad3180a
SHA512 e36364359c92bae4c01488b80fecb0a7c3201eb17c2f27604c623f1cb3b0360abf6032105fa2e0b10086f6c3aeb64d7ded3c2f32ab8a5b2f867e0a8ab68ac9d3

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.vshost.exe.config

MD5 28960c034283c54b6f70673f77fd07fa
SHA1 914b9e3f9557072ea35ec5725d046b825ef8b918
SHA256 8d65429e0b2a82c11d3edc4ea04ed200aedfea1d7ef8b984e88a8e97cff54770
SHA512 d30dd93457a306d737aac32c0944880517ed4c3e8f2d1650ffca6c1d98e892082b41b40fb89ccf75d5f03d2464b0b4f943cd4b082071f0abfe978d149bd61479

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\Setup.exe

MD5 94e7e5e1cee055f9ac963b7650d5d8bd
SHA1 f18a89aa7fa97135b1214e31f2c79877d2a04284
SHA256 94fa692514c48c66ade5a1a90d07b4114272faf810801efa472b803c49231ad3
SHA512 13f1eeb4788bf868e126e840645f7096c613d748318958116eb3cbfc44dd5876b024b85f8dfa0283921181e1ca3424c721780607480fb7a621ac4650ff6b9e99

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Inch.cmd

MD5 c5ee4dcc9184a60b60f76481af4529b7
SHA1 7bbac90ca2bec5b295fed1c845dbec6ffddb727f
SHA256 7863ead1f7df1a80fc847a1751d02d99700714b9a4848401028bc7d36c4ba0d0
SHA512 c8cc6005194b041381a20ab0f02f7b35148fbf04c9b1b32d36dc4fa3aabfa5cc0f2db12163cb727ce48bb4db72fdf31a0e676045306cd72b9f6c625c1fad24d6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Innovation

MD5 a159d27c920ba255b699838eaffccddd
SHA1 07e71d8b5084395931df7acd1771b2e9609e4ebd
SHA256 105b7b26ab1b62e5d3f32bfb07fbb8f91ad3e434a41ebc55c9d4d3befa82528d
SHA512 7bb0119fa06d4b6cc214015b2f87e05e9c1f1d139d7c85089c28a3ed36254d41dfb4ab8b19e471424f6d487159e497f5488bd8607d005402ed0820fbbdc0225d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ce

MD5 49fb14a076bcafc86abdbc27ebafe16a
SHA1 65ee937829f08d102962d6e3922eeaea2c84c069
SHA256 9d5aed42fcd6d3d8951bb96670834267e810f84b34860e3bf351afca28e3afb1
SHA512 5dbdccd64410a36dcaabb0bdb793e6123dc61bb32ac316644df394ba4c8ab147a027c38e8f819593b689189852c1436520866afa90d1f9b6b18398060610427c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ml

MD5 edbf126b0d7e08948d224a05c9f95c99
SHA1 3669fba40d2ae16eaad5b6f35c92316d478e6d62
SHA256 8ded4af5019a2a1bc87ac8b309ba3de6595ea545cc654430804bb67ae1c38ea3
SHA512 fa75adb54353b5ae83ca072a941fb40d6efc19444e28e425e71692e7801eb9070be8967634c22148f0691743edd878605eee08867797142df1ac9c8c7f8a16ec

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Et

MD5 af2e88cb701298b419c76ac6e2d29138
SHA1 bf164d6fc81cbdf1350dc4cd12326a207ce26987
SHA256 02bea5cbe6052966fab2a8777c7be1927f70c57c57e64c46163288345e31ca80
SHA512 06c9d449eaebadd21a30f6960b6f3fe989f4316dc6119acbb5366624575d9cc7cac16d6825a08b286fedeb4cdf134e469f91e23e895833bb254c7bca60d7724e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Probe

MD5 227f0c2bb7513cb9549bf64d7a9b78ea
SHA1 0a9b1a053fc2a69b263a47f4b91943f60ba33ab4
SHA256 09b0812cf3a6232db410a32a7f288d2a2af53116475bd84c00cee02413798ada
SHA512 4a9180ee4eea8519cec3d082183da51aec4a0a0f1b71c1c19266056c400682a9c6bbe24b03ccc897690dc41007bdd9ab7ff3366f049ac1ab647acba9c39a12eb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Prev

MD5 b38311b401517c75f606fa819430d170
SHA1 d9ed5c00db2c4c81a86602e9e66066788d87ce9a
SHA256 f4668ab86a62ae276fb3e9f0940e4a0b0456ff308b552f6e162795dd0e36b704
SHA512 5152bf7bc3eee603784dce61ee9ddd5ef9903fc6219e3052b96f7f0652133e50473ee25da4c85672a67ec3d47ab9bfb4e295a9a4c2a6f60019dfc01c65c9f3c3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Specify

MD5 e8a0490f31dbef2d3167b57713023d79
SHA1 7856a4a2f9493d0d519700d30935f834c1c0f81a
SHA256 367162d6b910ab48099fcaeb0b15d5b2acdefe995607ffd0bdd3d2f5d5b0f2ad
SHA512 0f89df4ba61ed14b6ef1774cf8a96974b2220cc7c782451818d2395e111d6da7283c9fd2e95589a4d4f644c87ac8efa77ae9f41a17be547a8cf94bcf04e16c01

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Roommate

MD5 ad4997c14c040ff7fac72a295d80e7c2
SHA1 d4ac36b2f27ff097e90a2ebe8178ffdb238e022e
SHA256 3713b88f240265d95a532172bd41471c624126826a6176363e5256e1303bc234
SHA512 ef71df08a3b04942390976d721a175bc77365c6f725e82df102ef0d2b9a9a6f1ded8ed66f31e159f97dffe1a468413ba371883ff3e32def1f102bcd0112f71d6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Diet

MD5 8f80a990e34a018bf985ae5ee6880892
SHA1 9ea1c5555d63159d73331044cd2466002bb4b0ae
SHA256 9c4e2822f78488e9ce0e471944802feb840ae2aac1dd70dd0b38e69d06bb9462
SHA512 2e85af9e4e3b499a8577fa51c302a2a3df10bcf03650c68e6be82f6108ed0e9f5523abcd86f9ce8fcf6fc5ef7e5e9df5588e5b2f4ac1472dc006f22176a2e32a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ebay

MD5 ca0e475fb526f9bd88952e61eea23458
SHA1 aba4f6086c5f9f956059229428ab5809da1c8251
SHA256 042b18a9ccd495da456a3bbda195a91fadb37488fa3f24abe3f2a3bcc8fc500f
SHA512 a375461c6c5326a584476cf1228e0d7ec28d5e45d1af8e12a208336c4cec33885f2b668a2351d53be134aab6089c4f90b067920cb2638cd21ff7e54e073b690d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Debug

MD5 3878f94befdeddeed4508cc91d30b775
SHA1 25dd781cba90168310653663767f51b82eae189a
SHA256 139c7c899303807f4c674d4ed2acab9043e470f3aec1598bc62f77348a3bafe5
SHA512 f12390ee74eb18557b2dfb4ea92f0875df945bd454c7b8304c5523df92ef53bb39fbb127044db29d5015e3ff5d2dedb4a2a69fe05a34be2b7200c969869d9904

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Reservations

MD5 03bbac1012dc934a35d46a76a50e08ca
SHA1 a5e30a19cf6158349cae5731c35c35074dab14e9
SHA256 48eae157cbce36131cd2bdb12783c54830cfd41adf64b79bf667f71bab318b72
SHA512 c8b80dfd1a0f56634c9dad9cb09672eabcfe448f7270a783724623ae08c87f2948409865e3a53c8a464ea88f51777cb037421d9112b5c3954b242bf28aa25f52

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Woods

MD5 44814f258e71a515115ee6b5b8288d50
SHA1 a8457825e68aed5813384a763163dafdec3502d0
SHA256 29c65d8353f89236340327b3b406712f7bc167c3004c8c68ccd20cde1bc1bc35
SHA512 21afd05cdc279e459ade9343aa5e6b78bfd097bd6bc34963421c457d131fae4efb33117258d78c1fb2043df627cee9f4db60de4427c9599c8b2ced42470acebb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Issue

MD5 c2a3acd5ffb5894a56f6d3546d5f9e57
SHA1 76c605744596cd2ece89fb6b7a6ab02379379eff
SHA256 f2bfdcb7a8fe95b531c796bd581258b9b61d1fbe815311f6dc2a633b0f80d8e9
SHA512 681ce12931591165b40bd46235bcb9d2fd2913aa9f3841d3d0b51c1276d951b85b30b50c0d92437191fc79522aba017c56849fa35826e71387401a716c6c01da

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Breakfast

MD5 099088c7bdbeb6b0c025727492dd71cc
SHA1 3b186caff335362dacaf494a37f5c0bd8a42d5a8
SHA256 20883cfb559483c21725fbbc28934ddfe1a2bd9d3889fc0b2a925d41638c818d
SHA512 8897621fbcf8aec2409704dfa419edaff7a4321e2d5b0e7ecb47a1025fc3f8bcf1ea0a0e2ffa8bcdff13197fc427de395601607e8fa400e07d8c4f759173e46d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Hammer

MD5 a594248941cb800e60aa32730e5afb2f
SHA1 b0f9230e670211942c750d3c68b148e2164947d1
SHA256 0df59af13668eca5be679c3e3a3da05185a59b2fd9778f2aecf3a3f353b9616d
SHA512 44923dcfbe8769895fa1be73bececefda9f78bfd40c18f0a44427225297f3edf28718becce133b0c883bd5f878bba82ccc0f658982eb187dd810ab2f43a53b2d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Disclose

MD5 11a09faaee7bc02ace390631b890021c
SHA1 fdd4a531a3be3eba5555ea9cfe9007dda09487a0
SHA256 ab4df3d0689cf6deb9baf90f7265d3465071a6e5b2d243a637d5ee49e997faa1
SHA512 4a72289d0147e065baa8f1d325c242bb8d7996c080a71e9053d3f1a7a7e2bcc9d5d2e04603f32d85ae34f8d903de762bab421917d78f87888cbec2b04185d773

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Up

MD5 44c2a2e9389c9670587e7738cc481612
SHA1 dacec904f8f08948270f85b6496d2d0d9a291766
SHA256 4e6c972ee2bed1fb9953db12ff17d4e2b9bb3dee64362d9d182aa492e566f08e
SHA512 dfd35d87a4fb63971f6b07e3f60f387809563486a5373dd7af20a8e5245f9ea0d429837ff2ce3e9015c00036a992c1dbf0447971f192bf6e60bb51dbf14a0d94

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Communications

MD5 a78d9f9007458dad6a6288b823c02308
SHA1 6301c74ed457ea40b1f51cbd936213413db64c73
SHA256 d2410da2189f66692da2d44eb27900089b99f6433d5dbad7487a2dcaeeae5b2a
SHA512 886dd057ee869a6cdd75f7a57e3ac97ea9366d5aeae03ca7407d035d02b8eac8795122ee5a4827f8a566bdca29ad37e84e48fa1b4e14e16d8bb465cba0c9c6bc

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Smoke

MD5 a6f632d877e85b03e384d505ea5eb42a
SHA1 2482da9e439923377d00bf481bafcb14a2fcac3b
SHA256 1b462e05740e262a67885186c277495de523d66ccfa216c2995f9209ad250b2d
SHA512 b29a73018c6029ce9cedd366d3307e351d03462d4f2dcaf9316b34e20d9d833b262f3a0cdb0741468f97599c171b25c016819be39ddbade4d3ef28ff340bcbf8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Chronicles

MD5 cccfe820790a18ad637c8c48190a07ab
SHA1 2860eeb3aad76c4de98251c643b097452f2adbe4
SHA256 e76044935d27539fe765cf0f38d62699736b8bfc9e1f9abb4dc9db3a325308a7
SHA512 e518668dea9e6d40bf51781792a85322b0119f67eb905f1064b8b08569413460598e1cf6a31e95eddf7500e315f082b37f55e91455dd91257a08daa5c6de3200

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Beef

MD5 654f7945c1c6e8cf978cccce420e373b
SHA1 5e53a3e35f09ca36692a566a0735a398e1e541c8
SHA256 b56604fbe129b7f4c4ed303747f006541a46c0194871c92edac85bef7a192189
SHA512 ae05c90eaa2580db92c102f0de514a0226504d3679eb7ec3be6b01a5f7e8f704a5411370c588b8fc92aa930e699abad3ff6b3c9869c88a9370b72096e8703ab0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Changed

MD5 d9f09a4c8c1043afcfc246936564ee01
SHA1 169d6920213f5b8f3cd1cb576170e9ff6344fad0
SHA256 e672668d0fa0efc8952e4ff1f9437a5281827f0c16fe6e02a6792ba0e40b5b3e
SHA512 ef054d017fb61b32bb3fba7293173694c449cbf29d87830419fa1af27f6ec2da3dba6e72e8c7d88bb784bd8297606a05bfc039ca490a47978ec99731ee98c71a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Locks

MD5 1659a7eb3dba9d9143f98def92dbbb88
SHA1 3338d23d47256b6c4bd475bd953dcb7b6de13f87
SHA256 8271297087605f98d4351eff05198533a63924f7b666754b85894392aa9327dc
SHA512 c473fc5b74a1877e29f2e904955bd1bb270932cb40148c25c49d5dd7f6d1932a1e70692083176c00eea82adc73e3bac860847bce7bab5d1ce1ed259415fd795f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Marble

MD5 955750a52c9c524e3b1df558e4e598e1
SHA1 6362a9a195fc6446cedb85ecc8df0ba82a9a40b9
SHA256 f233ec33624377ac70388bd8738bab20538b7f8cae46dd1e8bfaf3c87014580f
SHA512 1d7e2fa136a618deffa215fec63b24ca1918c0d2f467c28572a6907e1cedc2c9356536ee111f9d9e0f917d5e38f3322cfcbb0d590c94a526fd9a98e3057b188a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ray

MD5 15b3c47ee4220a1317285551dc46df3b
SHA1 ecccbd8d0bc7616f30548bcee6179da004f64553
SHA256 9be2db11436373cbd4dabb4664297a0814ffa18be3a9637de1b583adb863ba79
SHA512 9859bda25d9eed059d9ac27d091dffcb63a1ea7a37c2dc3b7a7c8006d65e64414367021c97b4c27f1de2dd021f125d7e6451dcd07a497a05c0e0150c6f56d4d3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Irs

MD5 cdbf87ed2611759361edcf2d1c36cb8d
SHA1 fde07776b66674be84f7e112b080c4b20a6972cb
SHA256 4a2afbcbf160bf24e04c3b9aa72267ffe589a7126aedad36e8fd22126fb79ffd
SHA512 e1b1faec18c602f5d89c64488c148ba943dbfb014e4e2f030a00830d032c58ba95f79d135c39a4cf7346dd815f1996a8f863642f96f37ec9745dd46f42b6e32e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\Infected.pif

MD5 b06e67f9767e5023892d9698703ad098
SHA1 acc07666f4c1d4461d3e1c263cf6a194a8dd1544
SHA256 8498900e57a490404e7ec4d8159bee29aed5852ae88bd484141780eaadb727bb
SHA512 7972c78acebdd86c57d879c12cb407120155a24a52fda23ddb7d9e181dd59dac1eb74f327817adbc364d37c8dc704f8236f3539b4d3ee5a022814924a1616943

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\X

MD5 564fcef4278786869d9e7f8606d17f47
SHA1 d36470b9a08322aa27014fc9ae97a69829ae4d54
SHA256 7ecd3748e97c574c643cad0722725983ac377a780f8e5442c383ce7a3b2205bc
SHA512 983ebba8851235fbfe515aa9b4156eca079914bb9c126d5f31c592bcb0025d26c54e2fd50b9f153b9eb687b0cae4361aedee61634004296680d5d454ad0022e0

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\MusicPlayerApp.exe

MD5 07902ccf8de472410921d9c227b17f4c
SHA1 a2c1bc9031eec1930bb5864f81be8c67b609e660
SHA256 562a9b6db51783eb0c71b243c39c359d218b72ee6a6bb1508cc64465f8d4893a
SHA512 4631d0e1a79ea59f2a53bfac28e61d730618dd5ca00558cf41cb2793c8b3dbe325cf14b060ef106f78813dac6a21d6482cd234919eb87f60f10e77bd27e4a813

memory/3840-418-0x0000000000EE0000-0x0000000000EEA000-memory.dmp

memory/3840-419-0x0000000005F40000-0x00000000064E6000-memory.dmp

memory/3840-420-0x0000000005990000-0x0000000005A22000-memory.dmp

memory/3840-421-0x0000000005B40000-0x0000000005B4A000-memory.dmp

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\AxInterop.WMPLib.dll

MD5 8314c1c68e3b3a1299dea6dd6d72481d
SHA1 5e76211c54647ad063966f0e9e48c6dbfbaaf97f
SHA256 78fa2eb63e55f1627d4f74e0f1c58d11a90611b7d756bdf3194f38776b2c3b78
SHA512 be8c454093b5047b7e0e7caf78dcd03e4d240b186d5f19eab69e00a9f6e7f9f638e45788880d87b50aa66028bf00f3334dc15b4a95ae860e39e7b8ac37f28f29

memory/3840-425-0x0000000005B70000-0x0000000005B84000-memory.dmp

C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05182024-278753659075324982\bin\Debug\Interop.WMPLib.dll

MD5 080765723df758e60fe61498ae0f2cba
SHA1 ff6bd0f8defe6ee844ddcde416176dc900b07293
SHA256 b06b558ace77acc8737ef0a9573c965b9c841f3569a694bfb468872b589d94d9
SHA512 51bde71b374e76e57b4406c3eb5a03e839673586bfb508f15383995b979d26cbc58923aa93be004ac1d57183e6a686870127cda1a939ae570c22ff74f045e3c6

memory/3840-429-0x0000000005EE0000-0x0000000005F38000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

memory/4976-465-0x0000000000990000-0x00000000009E2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4161514\RegAsm.exe

MD5 42ab6e035df99a43dbb879c86b620b91
SHA1 c6e116569d17d8142dbb217b1f8bfa95bc148c38
SHA256 53195987d396986ebcb20425ac130e78ad308fdbd918f33f3fd92b99abda314b
SHA512 2e79de2d394ad33023d71611bb728b254aa4680b5a3a1ef5282b1155ddfaa2f3585c840a6700dfe0d1a276dac801298431f0187086d2e8f96b22f6c808fb97e5

C:\Users\Admin\AppData\Local\Temp\TmpD82B.tmp

MD5 1420d30f964eac2c85b2ccfe968eebce
SHA1 bdf9a6876578a3e38079c4f8cf5d6c79687ad750
SHA256 f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9
SHA512 6fcb6ce148e1e246d6805502d4914595957061946751656567a5013d96033dd1769a22a87c45821e7542cde533450e41182cee898cd2ccf911c91bc4822371a8

memory/4976-482-0x00000000057E0000-0x0000000005856000-memory.dmp

memory/4976-483-0x0000000006490000-0x00000000064AE000-memory.dmp

memory/4976-486-0x0000000006BD0000-0x00000000071E8000-memory.dmp

memory/4976-487-0x0000000006720000-0x000000000682A000-memory.dmp

memory/4976-488-0x0000000006660000-0x0000000006672000-memory.dmp

memory/4976-489-0x00000000066C0000-0x00000000066FC000-memory.dmp

memory/4976-490-0x0000000006830000-0x000000000687C000-memory.dmp

\??\Volume{4e376879-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{7728b583-00ae-438d-9530-186db77a37c3}_OnDiskSnapshotProp

MD5 3cc98ea3175cabe7913451538162f261
SHA1 dd74873654427a81286dd48e41a2b1138c63afb0
SHA256 1ad531e7e6ba1ac3e55eb83be6a4d14c923cd24f18fadbdecbb17373ea038b10
SHA512 8342e96fce84f9353670889026a05c83e474e53e964c475f7a0888e112b06051f28c285dd6f3b3b6c67c02321a75775ed66b9e8b38d73383567c249c31370895

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5 09fe91fd4bf22e48cf55db9d2027613a
SHA1 9da3500dcf8199782f1d6c9a7438332b5690b837
SHA256 c33b1156520933cff5917b63e460a44c6a2c4ad59bd8e2f712967eae74977bbd
SHA512 46df4a5cb6d2042e78e43b72c11b3395b9f91d0671e425de0c393bc3c85e740b0cf14d6165d14671946232633241a4b2609c9f081f58da6a198e146cb44adf6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

MD5 ea4f9750ebb0aaf8d8de8561edac88d3
SHA1 45931df3107af6d317bd723be9f902189db3e516
SHA256 1f5c8e2dfa5fc6f571fa7ba938bba9a98c6544359b008bd16c9fce6216c3666b
SHA512 eab90ab6186376e41da4108a928b8de4f2944b50d9fb66ee33e82814c9ba12d4f425c287aff26288fb3753c39fa38f0ae4214919708a6f1346b9bbb86e9112a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

MD5 2f7c28efb9ccfd1f11abed93d0237233
SHA1 a5162fef0e4cc12a3d6115c9d5e54aa8c0ce1e20
SHA256 d7dcf5c2ca82542b87efab53f4c49320fc01b04ae90ceeffc913006545f56648
SHA512 c6e5f630da0f16b2d2aa1e6fe7194fcafb65bb356642558d757f0da27ba66684ef4e3319fef0ad00c99098289d5dbdc6867cc68e70e59b3fb28cb53eb8d29e55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

MD5 9c02c2bce6311fd19b31ad9be8ecbc8c
SHA1 6d2f50c49f298d8d51f75687ddf3d078f4289fe9
SHA256 09a2d707a06b4089cb247bd09fe97357b59596ca2f1a3b00a379eff57d8e26bc
SHA512 f08f361190ad15e1e790dd2ba31226252723ed3dc860a0c6a96bf25b3fd4f75a382627c23eec57d35062003f6096fd1b12cd62b917f13448f83d3ab747f830e3

memory/4976-547-0x0000000006970000-0x00000000069D6000-memory.dmp

memory/4976-550-0x00000000072F0000-0x0000000007340000-memory.dmp

C:\Windows\Installer\MSIF4E0.tmp

MD5 8d992a2126c1d93fe274057e6d4fb1d0
SHA1 bab132d4923c48b88b746f48114564cfae8184a5
SHA256 6c435a95b9ded21a2c27bfdfb096de2367a9e4f8e002a3dbb6aa6f52b6409276
SHA512 136babf8a8f2053e0c4d1d10c345b4b47dde10f15e230a4e914f3c72eb1144ccded421b2d47ad428a02c4273ac124a86e3e32222b0f1b24f69e22a221001869d

C:\Windows\Installer\MSIF58C.tmp

MD5 d53b2b818b8c6a2b2bae3a39e988af10
SHA1 ee57ec919035cf8125ee0f72bd84a8dd9e879959
SHA256 2a81878be73b5c1d7d02c6afc8a82336d11e5f8749eaacf54576638d81ded6e2
SHA512 3aaf8b993c0e8f8a833ef22ed7b106218c0f573dcd513c3609ead4daf90d37b7892d901a6881e1121f1900be3c4bbe9c556a52c41d4a4a5ec25c85db7f084d5e

C:\Program Files (x86)\ITarian\Endpoint Manager\Lib\site-packages\setuptools-18.2.dist-info\zip-safe

MD5 81051bcc2cf1bedf378224b0a93e2877
SHA1 ba8ab5a0280b953aa97435ff8946cbcbb2755a27
SHA256 7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
SHA512 1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe

MD5 a223cbdc0a058b5158a7b46cd2c5d06c
SHA1 3376c1f6a9d28791c259623846604979ddfc70dd
SHA256 8382bea9ebf7638cd1c5170444330cf27e89eb5e96f76d7a89b47b3ae21425e3
SHA512 ea26b077355dd4000dfb698c1a6d68eea93bc96afd4b1d9e98c3ce6fc597afa7ec436b903b419f872dc2c0d082dee0f75b42b2a776321f26bb6f27883086d5f3

C:\Config.Msi\e58e9cf.rbs

MD5 0ec08fe14935a8088168bddee10e2f53
SHA1 0b52ed3b64fcc1b2c35fa115054ea0a47c5d04e5
SHA256 f219ef58e3d6bbb6dd9fb020096d29267ecd611c6ab4be76ae9ae438b9139c18
SHA512 1106b25d9773fb7159a5cfa02ce4f6d20db581964890da13045efad021e92e8c1f601770b70e7d5494925407d220a63c6b6b1a04b27f1349788d620813d5e067

memory/4976-5475-0x0000000007910000-0x0000000007AD2000-memory.dmp

memory/4976-5476-0x0000000008760000-0x0000000008C8C000-memory.dmp

C:\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\Rmm_Proxy_dll.log.4

MD5 be90e2afc41f21748f28705cd3955b67
SHA1 dc88448b901b1bf07c8f95a4e2a3f483ebc345c6
SHA256 2185572d1513ff96bace1a173bcf5a9bfcb75584263ff3f6d41940b6b8b9a79a
SHA512 10427c278aee662e785e55ac5f636154071fe8cafdef0404f3d4d5d0846a2f84809a574284be36a9a6e7e26309f827b109f54f08b5ad1cc9608e6bb0af1937cf

C:\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\Rmm_Proxy_dll.log.4

MD5 90d6a9e6a25fe31c9b1cf51211997e7e
SHA1 5aeb7bb7a08447367321e141e241aa03a05e7a3b
SHA256 ded1e40cd9bab7df37913892d618e460b1e74510320eb71f2ab0cfcf644b56ae
SHA512 9a079ca885eb59f6c8d48c7a0beef95f68c4291c58651c7901bfc0ac4f450bd40db379e3d877c38ae2658661136bf5e1fd73c13b7de681ee9fb8cec814c7fbcb

C:\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\Rmm_Proxy_dll.log.1

MD5 5dd213b6a86ace1f5ebbbef3497eb3df
SHA1 98befcfeb090612b38659edb31c1a7198f51a9a1
SHA256 d6a6ef869c1f4c2b3a7f6bb259a4dfeb27e2cf0833e64f9b6491714e5263f609
SHA512 c557ac75c50cd9f01beb175a348bbd8c000f0d90d02eece86461b6f26bbc596b94031051e6ed6ae1b689a22efd30fcb403b748ba7361a6bc7d9eea89d75c9bf1

C:\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\Rmm_Proxy_dll.log.4

MD5 28f2a4059b7cbef083b39827c849ea02
SHA1 235a1026c9d30caad634327213a0dde32eda7279
SHA256 f37ec016c1222f29b0c4b625ec8a0b7ac9831919d83b9a2bade108b707010c8a
SHA512 e7c54c6d321c9a3b62421a5af362e68c0665341594ace3218c47392ab6c6c0b59a53fccd31347c9347ab9a6e911b7473dddf34ce33b29e7cc5bd09b734382bd1

C:\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\Rmm_Proxy_dll.log.4

MD5 49f4d35a5452614895f4c27e854b95b7
SHA1 b9b649f8141ccc629c40ad83a4a6c6d69fe6a39f
SHA256 c15be0bc4974f728d55c43c203e54a99ad6faf804484ed88f5328bd2364d00b2
SHA512 2e8be7fb0713c00d5960abde60e010b6a92b4e35044f0e5449fa18c3cff4f37170f17c7f446a6041b2ca439228fcb7f650cba746e00b4af6db38f197aa50e31f

C:\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\Rmm_Proxy_dll.log.4

MD5 26071147cb271c2233dc15edaf85b01e
SHA1 d317f4d49b9dab45f82d4f318f38ce88ad1320a8
SHA256 4416779c192def9076240f61565ed532ac1ad659cb50087d17bd4403d37c4f08
SHA512 6577474f50ba37d9c09aa70250d4234a233e28cdcc4666f232fbffb3f7fc76436827fb122814ecfe7d63ee1959957f9e35e555b3ef5398cd3f394052c4f1876e

C:\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\Rmm_Proxy_dll.log.4

MD5 7c75d5f56d6c284316f6063b182c89b0
SHA1 cdb450ba9e9aa1029a7b3135dd6e65780f8d706c
SHA256 17971d6defff7adb95d8ba061c8594e5ef77383f231f68efc37ffb3516896278
SHA512 998a4d1b137c58abcfa5a72eb9f54cce530a9bb6e3a3b8d94d8158daa93eda849f984e61c38442905fa1bf1109a174201acddaa0b9180e9bbea6ac0c778b1d22

C:\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\Rmm_Proxy_dll.log.1

MD5 92b15a27b622a312e32cf89ac85ce1d8
SHA1 d047ffa2f23bd68d32f70033fa47ecd57036dc98
SHA256 6f8a8bd9c681513a1ecacb85df0d6e9ac6e517094a9a0eea7819d920c111262a
SHA512 f56bc3b10f8b50d383b11d4d1d93248eb4211bb7cb0ec3763b0f42042958d505e3630d0fb043d2affd522dfadcb453114a3e7fa60f80472236a116099af0edc4

C:\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\Rmm_Proxy_dll.log.4

MD5 6ddb4f83045810e41b23162009b50c4f
SHA1 90945f39f93e6882b2aeee9b5c08bae80de53c71
SHA256 da1fcf4988df9e0b55d9fce0b8cddedfeb4cff16add1f7f550b9e159eec9b196
SHA512 492b44f1b9fa9ae50dcda42a89e04303a60bab916f94d661d4ba9043f6486cfcd7937b72c3b171aacd9bbd051e5978e6db53a0bba186798af7bd89e5e8a429a7

C:\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\Rmm_Proxy_dll.log.4

MD5 8c3295c5baf759fd5a2bd40d039f63f2
SHA1 463aa327248a17808c89a86cb44e49d97b714b18
SHA256 ab102ec9dd34e2ad8b13410b2333c5b004dd133db3b5c785b969684137cd2d49
SHA512 d4231e990f1a339861a2b829c7ec3702dd0fc1948de525c67676022d7a21381c42381828f40d0be021378820b0a04d6fe487c7a934861a09de87f76d64b61c7e

C:\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\Rmm_Proxy_dll.log.4

MD5 f8f5ca3bc25c2f2f1c967bc91ff55fcc
SHA1 e6741f3ada75c6ba4885599461fbb2b46007a9dd
SHA256 a86d1a6e9f4c24cac9e0b008141cb8d2b3971d63c3370207b4a684d4eb8addc1
SHA512 2b12b7aed99659fd42d714a4a4336e56ed23fa803f860d2d0903e2812ab3c6228292c0942d85c50510a2918e77a973d9ffc02df4af2b9d866fbdfc851ae3c6d6

C:\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\Rmm_Proxy_dll.log.4

MD5 71f885b461881fc4f613d72e82f0c8ec
SHA1 5ee4b522f3049cc417f7d97ca91f8e017b1b066d
SHA256 7722cf85d6dd21c4676434d5fa0ea0fe55930694e3fb2244b18ab7447257551b
SHA512 59b0c6002131a5545aa150efdcbbdb2e7e28658cdbeec6c5dc6bed65e0114f4fc0b6f1be3a35b6c5056dd1d630f48a745ecc8117df9e8a07d3aa339a4953c8ff

C:\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\Rmm_Proxy_dll.log.4

MD5 d2787df0f7822a70d3e47e0fa4aec7f5
SHA1 7432142e59fd0d98a1ddcc44b6a6ad7f37175e3b
SHA256 bd24b5245c4b7680203e5f0e3cb61ede8f1619e1eaf6df55d7b953e845765b05
SHA512 19d34cfc351b0a3fc685d40ccfd2070e6e80cee99c8a4a8fa7884d29601f355f76c245a34659b72481ebe51515e1efd62323ea9e5f301a6bed55f7bc4a77c06b

C:\ProgramData\ITarian\Endpoint Manager\oem.rcc

MD5 c533733cd62bddcaf9dcbe6f6ab8ff88
SHA1 d43784d3baad1d4dddc0f83fbe9b7128b7a6df59
SHA256 7985a1b0b9eb329930d142ca57026ca6a95853ec76e1b527a1beda66a91518e0
SHA512 8a7b4203d31d3456aaa27e1d37b9343afc3b8e6cb2825736c6b691b6c039b065c0a4857674130e8b3f36844997a73eeab0d66169ccc4b5d82a0c4a1e34b8e829

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 fe0564e60bca98f07f3cbaf8ac77999e
SHA1 bd3c7c933500606e6777f58304fff8e771da4c96
SHA256 755a85b01ce80f82a2613f69f59eaf79b3d8529beef6cd7d56bce885ae424554
SHA512 c200c9e3725af83aef01b361a3cf2f9b6fa477fdd8602504a9f42069bbc4af0d146ce85a6c61599aff8a10eeccbfcb42c0dc39d7e038a758afb0bec5b91d62b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b1856b34d5fc8e1dc6e7e94f3bb9e33e
SHA1 34840893285ab6616a85fc34cec2b599e5bea48c
SHA256 7b2994d1d13c94fab463254b84ba54cd726fe94c60a89b1be0ab2f8adb01a3f4
SHA512 1f43d55a15e2d4b6ee67f6414b3fc0d458e9a1fd9cc61a75d915dafef64f05f791afa9c5d27b4302fd311fd95c44029cac07bf25aee18e1137df2e30874e6ffb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 957eb22f64c04ab232dcef9b3a35e10b
SHA1 020f166ae86041c7413972a9fe37f5b7dfa347ca
SHA256 ac53e53ec8815eac2dbd5da9ad637d8af8ebe83fbc427c64cb7d6281f65c8ae2
SHA512 7c4ce5990389dd1ef1dbab66b1ae3d59e2da450e0391c0b9dd4555b003e8c796fdcfdcfc50dfbe73e3f7a505f2a654cc0d25f5f5529e53e528334f0c470edc73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e1d9d1d812ab5d5497140955072db8b4
SHA1 d071191ac440e8463fce06059c22f4d8eb2a0467
SHA256 8d33c9d2a8cebb8ca8f13064e3dffa556519967f5807d3708515caf9f4710a2d
SHA512 ff0fda52540e950856fbde4f72bbeef36d6cc7d16cac6facd36c4f51a9ce559dc92b67064fd21b0e2d59be0beb772f8b9e0f04cd9bde8df77f1769d203215bb9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ea23c59e159adba8b501b25e6db30b2f
SHA1 eba54f2bafdbe41b74681c77930d21a4d2aedf73
SHA256 fb1e0f1ade833f2f9ac58019ee6a24ea77af080b8bd2d68195b8db372155aaf4
SHA512 09df49d31b42bcdb1b926ee092efc1ac1eba267ccb8cab28a184d5ad35a080c8b157ec0a8f027ee7e21865132f9e94c0cff321084606a610f84696fcfbbe7112

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4df2a650cbe246276b6d1969549cce80
SHA1 76d968142be30f83f3822cf55e87f75828e57f92
SHA256 a4d787013c39b3682992861947e82f3ccdbf0dfccc8929a77a8b81db2e7e30d3
SHA512 341704cfa48988ced5d3c0c94145c6cfa4b3e14ef3582c0b250343c2b3ba1089d9be3d1b7eb461e076fb2be3bc01c0f403b78b90f9ae2176c8646bd99d0a25dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 6bbeb1149eb5e72fde78c0492cdc7402
SHA1 79abbd72c55e7ac6bb77286a060d6fbd421517ce
SHA256 41d32265786439c7b4739881dc96ed871167e14edf4cb90f8d754e827e2a0cd6
SHA512 31002ce4624e3fe6cfea94d76db27d9ea1c5bcedd46becc00a5ad600a70c0fda9db1ea30968df5eb84c13ff0852c2035980a28591b913b36de9e5863d9a4cc88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 aaf3b3d9fe31d6caa9b0c69750831c82
SHA1 680a3a5c5433e79c6b878df22f48b0937aab7f96
SHA256 5ff798592679c8ce60f02b74a3e732efa6e93d9f0189bb0fa8cdac08d516597a
SHA512 1659f90985a078577934f32f8e6b765db2f6f6375c7e29061dd870095bdf23aad6441a37aa9e91c7d740f068f4b0ed156fd08e1fd24292278a5d8c61e266f02c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58