Malware Analysis Report

2024-08-06 12:59

Sample ID 240604-zdwecsbd28
Target EULEN.exe
SHA256 3576a2c328055287dfcf6b61a2e5352071a56d7a2f92b0064ac19eecddcbb3ed
Tags
asyncrat default discovery rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3576a2c328055287dfcf6b61a2e5352071a56d7a2f92b0064ac19eecddcbb3ed

Threat Level: Known bad

The file EULEN.exe was found to be: Known bad.

Malicious Activity Summary

asyncrat default discovery rat

AsyncRat

Asyncrat family

Async RAT payload

Async RAT payload

Downloads MZ/PE file

Executes dropped EXE

Checks installed software on the system

Unsigned PE

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-04 20:36

Signatures

Async RAT payload

rat
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Asyncrat family

asyncrat

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 20:36

Reported

2024-06-04 20:38

Platform

win10v2004-20240508-en

Max time kernel

107s

Max time network

111s

Command Line

"C:\Users\Admin\AppData\Local\Temp\EULEN.exe"

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Downloads MZ/PE file

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\EULEN.exe | N/A (3 identical rows)

Checks installed software on the system

discovery

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133620070337217643" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EULEN.exe | N/A (4 identical rows)
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (2 identical rows)
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EULEN.exe | N/A (58 identical rows)

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EULEN.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\EULEN.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (32 rows, alternating with the row below)
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (31 rows, alternating with the row above)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (35 identical rows)
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A (16 identical rows)

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (24 identical rows)
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A (15 identical rows)

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EULEN.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1736 wrote to memory of 2204 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 1736 wrote to memory of 4960 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (31 identical rows)
PID 1736 wrote to memory of 2264 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 1736 wrote to memory of 4764 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (29 identical rows)

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\EULEN.exe

"C:\Users\Admin\AppData\Local\Temp\EULEN.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3468,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=4108 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff88dfab58,0x7fff88dfab68,0x7fff88dfab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5104 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4828 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1780 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4928 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2716 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3196 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5128 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5184 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5324 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4880 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8

C:\Users\Admin\Downloads\EULEN.exe

"C:\Users\Admin\Downloads\EULEN.exe"

C:\Users\Admin\Downloads\EULEN.exe

"C:\Users\Admin\Downloads\EULEN.exe"

C:\Users\Admin\Downloads\EULEN.exe

"C:\Users\Admin\Downloads\EULEN.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

Network


Files
