Malware Analysis Report

2024-10-10 12:09

Sample ID 240613-qtnj1s1cjf
Target https://www.macrorecorder.com/download/
Tags
discovery
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://www.macrorecorder.com/download/ was found to be: Likely malicious.

Malicious Activity Summary

discovery

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Checks installed software on the system

Checks for any installed AV software in registry

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:33

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:33

Reported

2024-06-13 14:03

Platform

win10-20240404-en

Max time kernel

1799s

Max time network

1688s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.macrorecorder.com/download/

Signatures

Downloads MZ/PE file

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\KasperskyLab C:\Users\Admin\AppData\Local\Temp\is-GHCG6.tmp\MacroRecorderSetup.tmp N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627592156709220" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\MacroRecorder C:\Users\Admin\AppData\Local\Temp\is-GHCG6.tmp\MacroRecorderSetup.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\MacroRecorder\ = "MacroRecorder MacroRecorder macro file" C:\Users\Admin\AppData\Local\Temp\is-GHCG6.tmp\MacroRecorderSetup.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\MacroRecorder\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-GHCG6.tmp\MacroRecorderSetup.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\MacroRecorder\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\MacroRecorder\\MacroRecorder.exe,1" C:\Users\Admin\AppData\Local\Temp\is-GHCG6.tmp\MacroRecorderSetup.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\MacroRecorder\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-GHCG6.tmp\MacroRecorderSetup.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.mrf C:\Users\Admin\AppData\Local\Temp\is-GHCG6.tmp\MacroRecorderSetup.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\MacroRecorder\shell C:\Users\Admin\AppData\Local\Temp\is-GHCG6.tmp\MacroRecorderSetup.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\MacroRecorder\shell\open C:\Users\Admin\AppData\Local\Temp\is-GHCG6.tmp\MacroRecorderSetup.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\MacroRecorder\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\MacroRecorder\\MacroRecorder.exe \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-GHCG6.tmp\MacroRecorderSetup.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.mrf\ = "MacroRecorder" C:\Users\Admin\AppData\Local\Temp\is-GHCG6.tmp\MacroRecorderSetup.tmp N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1472 wrote to memory of 4780 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 4780 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.macrorecorder.com/download/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa35589758,0x7ffa35589768,0x7ffa35589778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1996 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5068 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5116 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5504 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5400 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5184 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5220 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5728 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5568 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4912 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1504 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4380 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:8

C:\Users\Admin\Downloads\MacroRecorderSetup.exe

"C:\Users\Admin\Downloads\MacroRecorderSetup.exe"

C:\Users\Admin\AppData\Local\Temp\is-GHCG6.tmp\MacroRecorderSetup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-GHCG6.tmp\MacroRecorderSetup.tmp" /SL5="$30248,44980986,845824,C:\Users\Admin\Downloads\MacroRecorderSetup.exe"

C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe

"C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4404 --field-trial-handle=1588,i,3229011375956917633,8601711723827039425,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.macrorecorder.com udp
DE 2.59.134.145:443 www.macrorecorder.com tcp
DE 2.59.134.145:443 www.macrorecorder.com tcp
US 8.8.8.8:53 145.134.59.2.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.16.238:443 apis.google.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 virustotal.com udp
US 216.239.36.21:443 virustotal.com tcp
US 216.239.36.21:443 virustotal.com tcp
US 8.8.8.8:53 www.virustotal.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
GB 142.250.180.3:443 www.recaptcha.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 21.36.239.216.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 46.34.125.74.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 recaptcha.net udp
GB 142.250.200.35:443 recaptcha.net tcp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
GB 142.250.200.35:443 recaptcha.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.74:443 content-autofill.googleapis.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 74.125.34.46:443 www.virustotal.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 89.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 216.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp

Files

\??\pipe\crashpad_1472_UVYVORZOAPXHEDVH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\51570d2f-e93e-4814-891d-9d232679447c.tmp

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f21d21ba14a96b44875daf71403d22c6
SHA1 9e6b55a31b753b04556aaffb5cf054a9de5a5c86
SHA256 9119d18624589800b62bac511deff07cc9ead5cdb61a21767623c42ba36b5666
SHA512 6fcfbae18d4690377686517de9b55897114c30369c646b6d78624edf509cea8e748b422ce0d97cbcd8bf5eba01b727613cbe6a2466c786d1eee3beae102f8e86

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0b3cdb0a65a40de77a96186f80fc6455
SHA1 8074e072b9dd2ef6c28bc9d157ef5af953f86ee5
SHA256 13d791ffd28958d9c526bc61d2719231339a648b8c6f161a9bdd21a2ef8c22f5
SHA512 d0bf932bc3a88a1e48b7b0431c4a9501cf74ff383bc27b4ace21500b75f115edd0cb5f61c52e1a7bba85f040d8cb49585e644110fb4b384f51ec0e0a6bb396bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 99916ce0720ed460e59d3fbd24d55be2
SHA1 d6bb9106eb65e3b84bfe03d872c931fb27f5a3db
SHA256 07118bf4bbc3ba87d75cbc11ddf427219a14d518436d7f3886d75301f897edaf
SHA512 8d3d52e57806d1850b57bffee12c1a8d9e1a1edcf871b2395df5c889991a183a8d652a0636d5452068f5ef78d37e08ce10b2b2f4e05c3e3c0f2f2230310418a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5e1d2faf57f75f42b2e9655263919852
SHA1 cc4897d1c2f0a4520c3ed5fa911dc8a7e6b32854
SHA256 3f880378f7a386515ba80a73541ae3f70cc9036a735fef9df82441274a5f2563
SHA512 325f4b893620ebdbc53f7759771d37be83ff74faa9d27db4963c8566adeace41a4031c236f9f165d7804635c108c541baf97de6405bdab4f70eb71a70443f1ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d130393e56756fca4164643a460c8907
SHA1 2a424b608e5456f8aa9bb72dd855c5391a3700d7
SHA256 4e505756851aedef9136726ef3db91e035156a467af9e607a112fbdc4dbf04e9
SHA512 819758e814b6fec4f0651e6a12c61cdca08c2ba4e99c8c4b4f4994de84c49f578e43d74be97556c82c540a292b50fa91d84fc9ba15c4889149dc8126b38a709d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a54a8d00a6f6d5e350134e39fb1c1eab
SHA1 af0b6b2f51e3d7c37c65d95040872b95c078c4b9
SHA256 8a6c3b31da953221fedafdde8ce8734e4a7e9d335a2cdd73ddfeece3710d3c61
SHA512 2b28c8d006a5f791d995b189ff82269ade5d648fbf54feea2b8ca60ecc39f55f50a4d95bebbb8dde0165fb22431e6a08f6ad049c5def75b3500dab9a8352f745

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e1a9bf526de823a8365b769c22be3843
SHA1 6ccce6b48669af94619143cd8c55323f5c793b9d
SHA256 37ebe4f406df515ba2f516abf8b1f3f8d0bfb06e16fe2a9bedb221fac4c2a454
SHA512 84231951d3f7ac289d98a4f8fdf3aedf6493a5d671493a2856c787f3f73d96574c709ae379fd0dcac997780b92eb90dc84e69f1771197a0a3e2612c116ae5b1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 2bc6b1be8351b16a8c2cbc5e62bdb826
SHA1 e1325fce24a297b03875196854739796e8497879
SHA256 5fd43864b02fc19bacbd5b059c3f4cc3e93e99200420da46cfa54cbbf1a0dcac
SHA512 f7a643b8aa4719df711b798e6f6809f179be7e666705111bcf20b704154b3363a61c97181848f072fbc332ac2ffb3f778c3b9d20b716b73146714779cc8384e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580f2e.TMP

MD5 59183e37a4bd2b20a854a1bb4e2e899b
SHA1 89452dbbbfba5610bd3f983b674582a44a91781e
SHA256 92ecefeb0326601f0932312cdadda16fbe0b5ee18c851e9a7dad60cf82082772
SHA512 377fac848e95fd21e70954ecc99054ffcd55d9fd404b7b1adb58f4075973f00aba315fd0f117915d8611d649c46b85720e02426764e268a31ba66657d2638e59

C:\Users\Admin\Downloads\MacroRecorderSetup.exe

MD5 13fffd4457ced32c07f1e846eaa1e635
SHA1 91260b54dfd59f9a99142f2aae79724178a798cb
SHA256 66270f88ef9e9b3804903f3ac0e152f593ff72812f33e89b68848b19281c0c27
SHA512 7c4f56ebdea19d6b905682b6ac9085cd244106f01d5ac0d45bb13b1df09b923de4396a79ff5628d9a7abf67fe436f211838bb0a6d8f37f0f87d4532d29eddf9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7ab0d78392b01ca5e51ae259400736ca
SHA1 a521a4bf65479ed9882c4e1420a01862479a2243
SHA256 6d47eb1c80a7f6ec9d1fae859f866ee428f2014e4cdc6f01d02747d1d8c9b14a
SHA512 3e37d32828900e74c33bcdb227bf7083d22de88b7a44bf06d79cb55e103d286b0ac30a66939200bd8f8362840fe41eeb6444a903a00c117001e48b71924f43a2

memory/4712-326-0x0000000000400000-0x00000000004DC000-memory.dmp

memory/4712-328-0x0000000000401000-0x00000000004B7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-GHCG6.tmp\MacroRecorderSetup.tmp

MD5 bbc1595216099435101135abdc849bd9
SHA1 b938f4ec985a74e45a8e3e1333cc6532e55a57e9
SHA256 dbca19492a4662cab1b2eb12574d17f8b104631fa480d05e4b947d454be61ac0
SHA512 1596823e644a766edb28c2a9a5711736cd857b83a71e40eb87852f661f9f6e536a2d7af2e18de452c98e32933b1287b570174a2a7d58f88d0de7073f423e52bb

\Users\Admin\AppData\Local\Temp\is-01FQT.tmp\_isetup\_isdecmp.dll

MD5 077cb4461a2767383b317eb0c50f5f13
SHA1 584e64f1d162398b7f377ce55a6b5740379c4282
SHA256 8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64
SHA512 b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c12446a59873915f4ba65fbfa6f6d8de
SHA1 33dbfca233df8adfc4593a26e3b7e52908011332
SHA256 2b2cb987149c47dcbe31792e456693df97bc8a21eaf7fd7908cbc49eb1cf69a7
SHA512 45fb0919a6304480fb7f4955a8b366618e002034fd3b6238c1bf8378d8dfa9645477659d963dd3b866bf3831dcb83dd01f8adbab5e6d6fbd5e5ea3c463b66539

memory/4712-349-0x0000000000400000-0x00000000004DC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 53c918b6307f97e517b3468614f9e349
SHA1 922037a7d9868fba592f3d018c19a91da0b84f62
SHA256 a1b8147aab07a4c101156e0e8c27668d5c0a799fe57653b6381619e26e2d8d9b
SHA512 6981b53a474178771f7bd1e2f1b6e67868ffe511fef87a151d6eed96946c590a37870dacb0c50e1f867ad4ea90ce440fe7d5c7ecfcebc4608de302794cd0300a

memory/4124-376-0x0000000000400000-0x0000000000717000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dd379569d0b7d218986832dc7fc5c501
SHA1 21e7bb4a37e39dee8947ed1e90f9bf45764ea12a
SHA256 2801bd3e075cb78aed00067fa52eb916bf4e6b68d8133f6d41fe370331ad357e
SHA512 fe977441675072326c7b729ae938b360dd3e56ce5a05191d9875c5848faee60ded95b606f63e07ab338e882f7e3813fb0e4c7cbb6d4ac2d0e4ff89adfa523e4e

C:\Users\Admin\AppData\Local\Programs\MacroRecorder\MacroRecorder.exe

MD5 d8e3ad45052532b532cda70cd30356a5
SHA1 c48a52c7c97e2a842c80372e1b6d7853c3c1fced
SHA256 62e7ade165d5100de07472e72626e60caaa5bdcad7c4105e65998063bb9ce441
SHA512 8316e04e14f8b73c2cd2055dc3d379ea7acc9c48b1e9e42bb91e2545143e0e7769e8d6ccb5d0af02d91ea2dadb908842bf8498ad17c0c6c08eb55a62ac33d65d

\Users\Admin\AppData\Local\Programs\MacroRecorder\mrkey.dll

MD5 1d01aa12abca7c2405abb863ae670305
SHA1 452b72fd0d41f008be8e2f8bdbcb3d727da885dc
SHA256 e92e12209048ffdca0c9e8bbbbf0616ce3e83dc66152c727f1758cd711dc529a
SHA512 36fdf55268418da1f09a22f284bf3b4d63b88af998d80d41ca9e7558b498143e5babc8329504c0e4c44d0a3edfc9692e612fb90e27d78f88cb92994181e1b550

memory/4268-410-0x00000000020E0000-0x0000000002111000-memory.dmp

memory/4124-414-0x0000000000400000-0x0000000000717000-memory.dmp

memory/4712-415-0x0000000000400000-0x00000000004DC000-memory.dmp

memory/4268-417-0x00000000020E0000-0x0000000002111000-memory.dmp

memory/4268-416-0x0000000000110000-0x0000000001709000-memory.dmp

memory/4268-418-0x0000000000110000-0x0000000001709000-memory.dmp

memory/4268-421-0x00000000020E0000-0x0000000002111000-memory.dmp

memory/4268-420-0x0000000000110000-0x0000000001709000-memory.dmp

memory/4268-423-0x00000000020E0000-0x0000000002111000-memory.dmp

memory/4268-422-0x0000000000110000-0x0000000001709000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b527cc09bef8a256ad78968c93932f6e
SHA1 609aa584de6fe99230d0482346bbd59f45f8e6d7
SHA256 e5d2fd7fd137b67947e10cbcd115e2e8f78425f9df874d2903d9a02a2a05632b
SHA512 9287fac4f2a89df893f35416fec7b49a5c3328d73c4b6791a007e5e46f5f5ce3d6fc694a6e403768ed0da90a8bd3840a15e3e1735361378e2ad297d603726531

memory/4268-436-0x00000000020E0000-0x0000000002111000-memory.dmp

memory/4268-435-0x0000000000110000-0x0000000001709000-memory.dmp

memory/4268-446-0x0000000000110000-0x0000000001709000-memory.dmp

memory/4268-452-0x00000000020E0000-0x0000000002111000-memory.dmp

memory/4268-451-0x0000000000110000-0x0000000001709000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3b8b160310c3b46b75f95614d2ac113c
SHA1 c2fa577a62da843e3c167ee45f3cde57390cd5dd
SHA256 6b8fc793968ca1193c35f071c1354b192e99eacf026aa922e6d1d694351792f1
SHA512 07ebf2ddefe0b66b4892b44876ae88ad29860216fae3c4a13971668b75e928b7865e1a11ed48eadb5de1b49a7db722fb701a05fd2e5a38f58ef6490aea521467

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1ca0a6c74496cab2fe89e70b62917dd6
SHA1 cfa9c537fd1f1dcbf194d7d8f22dc484ff59aa3a
SHA256 de90eda40948fafa669ff335640a45620e56be8203fc075eb2da7e59455cff72
SHA512 f3d5d3be1083a46754f19ad62cca141cbcb1979326e22b2c74ef05848a8022b4638b3d4a05e9a9a540f3031513f1d53f05ca4b497a539e4aa1a5e8f65430f906