Malware Analysis Report

2024-09-23 11:18

Sample ID 240615-mftmbs1amq
Target revosetup.exe
SHA256 a05acc9172e98ec6a6a7f923f5c648cc7a7c4e02bbcaaa5a6d9663229e662c24
Tags
bootkit evasion macro persistence trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a05acc9172e98ec6a6a7f923f5c648cc7a7c4e02bbcaaa5a6d9663229e662c24

Threat Level: Known bad

The file revosetup.exe was found to be: Known bad.

Attribution note: apart from its command line and the three WriteProcessMemory rows in which it populates its own Inno Setup stub (is-CQM4I.tmp\revosetup.tmp), revosetup.exe is not the acting process in any signature below. The registry, MBR and file-drop activity is attributed to reg.exe, attrib.exe and to binaries unpacked from archives that chrome.exe downloaded during the same detonation (Antares.exe, winRainbow.exe, Blueballs.exe, windelete.exe). Check the Process column of each signature before attributing a behaviour to the submitted file.

Malicious Activity Summary

bootkit evasion macro persistence trojan

UAC bypass

Disables Task Manager via registry modification

Sets file to hidden

Suspicious Office macro

Disables RegEdit via registry modification

Executes dropped EXE

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Program crash

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Opens file in notepad (likely ransom note)

Checks processor information in registry

Modifies registry key

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Views/modifies file attributes

Enumerates system info in registry

Modifies registry class

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Suspicious use of SetWindowsHookEx

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious behavior: AddClipboardFormatListener

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-15 10:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 10:24

Reported

2024-06-15 10:31

Platform

win11-20240611-en

Max time kernel

351s

Max time network

353s

Command Line

"C:\Users\Admin\AppData\Local\Temp\revosetup.exe"

Signatures

UAC bypass

evasion trojan
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\reg.exe | N/A

Note: EnableLUA = 0 turns UAC off for every account once the machine restarts; it does not bypass a single prompt. Writing under HKLM\SOFTWARE\...\Policies\System already requires an elevated reg.exe, and the page does not record which process launched it.

Disables RegEdit via registry modification

evasion
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Windows\system32\reg.exe | N/A

Note: this is the logged-on user's hive (RID 1000), so the policy is per-user and needs no elevation. A value of 1 blocks interactive regedit.exe but still allows silent imports with regedit /s; only 2 blocks both. The policy does not cover reg.exe itself, so deleting the value with reg.exe restores the editor.

Disables Task Manager via registry modification

evasion

No indicator row was recorded for this signature, so the value written and the process that wrote it are not shown on this page.

Sets file to hidden

evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\attrib.exe | N/A

Note: the file whose attributes attrib.exe changed is not recorded here.

Suspicious Office macro

macro
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Note: no document, process or indicator is recorded for this signature. The only Office activity on this page is WINWORD.EXE querying processor and BIOS values and registering a clipboard listener (see below); the document it opened is not identified.

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinDelete = "C:\\Users\\Admin\\downloads\\windelete.exe" | C:\Windows\system32\reg.exe | N/A

Note: the Run entry is under HKLM, so it fires for every user at logon and, like the EnableLUA write, needed an elevated reg.exe. The referenced windelete.exe matches winDelete.zip in the NTFS ADS list below, one of the archives chrome.exe downloaded during the detonation.
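The four registry writes in this group are what a responder re-checks on any host that ran these binaries. The Python below is an added example, not part of the sandbox report or of any tool it names: it evaluates a registry snapshot against the values shown in this section and builds the reg.exe commands that revert them. The Task Manager value name DisableTaskMgr (not shown on this page), the benign SecurityHealth Run entry and the trusted-path list are assumptions; the snapshot itself is constructed from the values on this page.

```python
"""Audit the registry writes this report attributes to reg.exe.

Added example, not part of the sandbox report. It checks a registry
snapshot for the three values shown above (EnableLUA, DisableRegistryTools,
the Run\WinDelete entry) plus the Task Manager lockout, whose value name
is not on the page and is assumed here to be DisableTaskMgr, and emits the
reg.exe commands that undo them.
"""
import sys
from dataclasses import dataclass
from typing import Dict, List

# Win32 view of the native \REGISTRY\MACHINE and \REGISTRY\USER\<SID> paths
POLICY_HKLM = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
POLICY_HKCU = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
RUN_HKLM = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Run entries whose image lives outside these trees are reported (assumed
# policy; C:\Windows\Temp would pass it, so tighten for production use).
TRUSTED_RUN_PREFIXES = (r"c:\program files", r"c:\windows")


@dataclass(frozen=True)
class Finding:
    signature: str   # signature name as this report labels it
    key: str
    value_name: str
    data: object
    undo: str        # reg.exe command that reverts the write


def evaluate(snapshot: Dict[str, Dict[str, object]]) -> List[Finding]:
    """snapshot: {'HKLM\\key': {value_name: data}} -> list of findings."""
    out: List[Finding] = []
    machine_policy = snapshot.get(POLICY_HKLM, {})
    if machine_policy.get("EnableLUA") == 0:
        out.append(Finding("UAC bypass", POLICY_HKLM, "EnableLUA", 0,
                           f'reg add "{POLICY_HKLM}" /v EnableLUA /t REG_DWORD /d 1 /f'))
    user_policy = snapshot.get(POLICY_HKCU, {})
    # 1 blocks interactive regedit, 2 also blocks 'regedit /s'; both matter.
    if user_policy.get("DisableRegistryTools", 0) in (1, 2):
        out.append(Finding("Disables RegEdit via registry modification", POLICY_HKCU,
                           "DisableRegistryTools", user_policy["DisableRegistryTools"],
                           f'reg delete "{POLICY_HKCU}" /v DisableRegistryTools /f'))
    if user_policy.get("DisableTaskMgr", 0) == 1:   # assumed value name
        out.append(Finding("Disables Task Manager via registry modification", POLICY_HKCU,
                           "DisableTaskMgr", 1,
                           f'reg delete "{POLICY_HKCU}" /v DisableTaskMgr /f'))
    for name, command in snapshot.get(RUN_HKLM, {}).items():
        image = str(command).strip().strip('"').lower()
        if not image.startswith(TRUSTED_RUN_PREFIXES):
            out.append(Finding("Adds Run key to start application", RUN_HKLM, name, command,
                               f'reg delete "{RUN_HKLM}" /v {name} /f'))
    return out


def collect_live() -> Dict[str, Dict[str, object]]:
    """Read the three keys from the live registry (Windows only)."""
    if sys.platform != "win32":
        raise RuntimeError("live collection needs Windows")
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snapshot: Dict[str, Dict[str, object]] = {}
    for path in (POLICY_HKLM, POLICY_HKCU, RUN_HKLM):
        hive_name, subkey = path.split("\\", 1)
        values: Dict[str, object] = {}
        try:
            with winreg.OpenKey(hives[hive_name], subkey) as key:
                index = 0
                while True:
                    try:
                        name, data, _type = winreg.EnumValue(key, index)
                    except OSError:       # no more values
                        break
                    values[name] = data
                    index += 1
        except FileNotFoundError:
            pass                          # key absent: nothing to report
        snapshot[path] = values
    return snapshot


# Constructed snapshot reproducing the values on this page; the
# SecurityHealth entry is an assumed benign Run value for contrast.
REPORT_SNAPSHOT = {
    POLICY_HKLM: {"EnableLUA": 0},
    POLICY_HKCU: {"DisableRegistryTools": 1, "DisableTaskMgr": 1},
    RUN_HKLM: {
        "WinDelete": r"C:\Users\Admin\downloads\windelete.exe",
        "SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe",
    },
}

if __name__ == "__main__":
    snap = collect_live() if sys.platform == "win32" else REPORT_SNAPSHOT
    for f in evaluate(snap):
        print(f"{f.signature}: {f.key}\\{f.value_name} = {f.data!r}\n    undo: {f.undo}")
```

On Windows, run it from an elevated prompt so that collect_live() can read HKLM; elsewhere it evaluates the constructed snapshot. The EnableLUA revert only takes effect after a restart, the same as the original write.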

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target | Count
N/A | raw.githubusercontent.com | N/A | N/A | 2

Note: the page records only the hostname, not the process that resolved it or the paths fetched, so the downloads listed under NTFS ADS cannot be tied to this host from the report alone.

Writes to the Master Boot Record (MBR)

bootkit persistence
Description | Indicator | Process | Target
File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\Temp1_winRainbow.zip\winRainbow.exe | N/A

Note: the acting process is winRainbow.exe, launched from the copy Explorer extracts to Temp1_winRainbow.zip when a file is opened inside a zip, not the submitted installer. Opening \??\PhysicalDrive0 for write bypasses the filesystem entirely, so file-level monitoring sees nothing, and it needs administrative rights. The page does not show what was written; whether this is a bootkit, a wiper or a failed write can only be settled by reading sector 0 of the affected disk.
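What the sandbox cannot tell you is what winRainbow.exe wrote to sector 0. The Python below is an added example, not code from the report or from the sample: it parses a 512-byte MBR, checks the 0x55AA signature and the partition table, and compares the bootstrap code against a SHA-256 baseline recorded before the incident. The sectors it runs on are constructed (placeholder boot code, one NTFS partition, an arbitrary disk signature); read_sector0() shows how the same check is applied to a live disk, which needs administrator rights.

```python
"""Check sector 0 of a disk for MBR tampering.

Added example, not part of the report. The signature above only records
that winRainbow.exe opened \\??\\PhysicalDrive0 for modification; this is
the check a responder runs on the disk (or a disk image) afterwards: boot
signature present, partition table sane, bootstrap code unchanged against a
hash recorded before the incident. All sectors below are constructed.
"""
import hashlib
import struct
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0..439: bootstrap code
DISK_SIG_OFF = 440        # 4-byte Windows disk signature
PART_TABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIG_OFF = 510        # 0x55 0xAA
PART_ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector: bytes) -> Dict[str, object]:
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:                       # type 0x00 marks an unused slot
            partitions.append({"active": status == 0x80, "type": ptype,
                               "lba": lba, "sectors": count})
    return {
        "boot_signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def assess(sector: bytes, baseline_boot_code_sha256: str) -> List[str]:
    """Return findings; an empty list means sector 0 matches the baseline."""
    info = parse_mbr(sector)
    findings: List[str] = []
    if not info["boot_signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector 0 wiped or overwritten")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("bootstrap code differs from baseline: possible bootkit or wiper")
    active = [p for p in info["partitions"] if p["active"]]
    if not info["partitions"]:
        findings.append("partition table empty")
    elif len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1 on a BIOS-boot disk)")
    return findings


def read_sector0(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read LBA 0 of a physical disk; on Windows this needs administrator rights."""
    with open(device, "rb", buffering=0) as disk:
        return disk.read(SECTOR_SIZE)


def build_sector(boot_code: bytes, entries, boot_sig: bytes = b"\x55\xaa") -> bytes:
    """Construct a test sector; entries are (status, type, lba, count) tuples."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x1234ABCD)   # arbitrary signature
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[BOOT_SIG_OFF:] = boot_sig
    return bytes(sector)


# Constructed 'known-good' sector: placeholder boot code, one active NTFS partition.
GOOD_SECTOR = build_sector(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32,
                           [(0x80, 0x07, 2048, 1_000_000)])
BASELINE = parse_mbr(GOOD_SECTOR)["boot_code_sha256"]
# Same disk after sector 0 was rewritten: partition table kept, boot code replaced
# by a two-byte infinite loop (jmp $), which is what a bricked machine hangs on.
TAMPERED_SECTOR = build_sector(b"\xeb\xfe", [(0x80, 0x07, 2048, 1_000_000)])
# And after a full wipe of sector 0.
WIPED_SECTOR = bytes(SECTOR_SIZE)

if __name__ == "__main__":
    for label, sec in (("good", GOOD_SECTOR), ("tampered", TAMPERED_SECTOR), ("wiped", WIPED_SECTOR)):
        print(label, assess(sec, BASELINE) or ["no findings"])
```

On a UEFI/GPT system sector 0 holds only a protective MBR, so the check still applies but the baseline hash is for that protective MBR rather than for real boot code. In either case take the baseline from a known-clean image, never from the disk under investigation.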

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SysWOW64\setup16.exe | C:\Users\Admin\Downloads\Antares\Antares.exe | N/A
File opened for modification | C:\Windows\SysWOW64\user.exe | C:\Users\Admin\Downloads\Antares\Antares.exe | N/A
File opened for modification | C:\Windows\SysWOW64\OneDriveSetup.exe | C:\Users\Admin\Downloads\Antares\Antares.exe | N/A
File opened for modification | C:\Windows\SysWOW64\explorer.exe | C:\Users\Admin\Downloads\Antares\Antares.exe | N/A
File opened for modification | C:\Windows\SysWOW64\hh.exe | C:\Users\Admin\Downloads\Antares\Antares.exe | N/A
File opened for modification | C:\Windows\SysWOW64\instnm.exe | C:\Users\Admin\Downloads\Antares\Antares.exe | N/A
File opened for modification | C:\Windows\SysWOW64\OposHost.exe | C:\Users\Admin\Downloads\Antares\Antares.exe | N/A
File opened for modification | C:\Windows\SysWOW64\perfhost.exe | C:\Users\Admin\Downloads\Antares\Antares.exe | N/A
File opened for modification | C:\Windows\SysWOW64\regedit.exe | C:\Users\Admin\Downloads\Antares\Antares.exe | N/A
File opened for modification | C:\Windows\SysWOW64\dplaysvr.exe | C:\Users\Admin\Downloads\Antares\Antares.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Users\Admin\Downloads\Antares\Antares.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\sysmon.exe | C:\Users\Admin\Downloads\Antares\Antares.exe | N/A

Note: all twelve rows come from Antares.exe, run from the extracted Antares.zip. "File opened for modification" records the write access requested when the handle was opened, not that the overwrite succeeded: binaries under SysWOW64 are owned by TrustedInstaller, so even an elevated process must take ownership before it can replace them, and a standard user has no write access under Program Files at all. C:\Windows\sysmon.exe is where Sysmon installs its service binary, so if the sandbox image runs Sysmon that row is an attempt to tamper with the monitoring agent. Every listed path needs a hash or Authenticode check against a clean image before the host is trusted again.

Enumerates physical storage devices

No indicator row was recorded for this signature.

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\Blueballs\Blueballs.exe

Note: WerFault.exe is Windows Error Reporting handling a crash in Blueballs.exe, another binary from the downloaded archives; the SysWOW64 copy indicates a 32-bit process.

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A

Note: all rows in these three signatures come from taskmgr.exe, WINWORD.EXE and chrome.exe. Task Manager reads the disk's friendly name and the CPU name for its Performance tab, and Word and Chrome read BIOS model strings; these are the same keys VM-detection code inspects, but here none of the reads is attributed to the sample or to the downloaded binaries.

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629207780845335" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "5" | C:\Windows\system32\LogonUI.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A

Note: the HKEY_USERS writes are LogonUI.exe storing accent and DWM colour values in the .DEFAULT hive while the logon screen is drawn, and chrome.exe writing a TPM telemetry timestamp under the LOCAL SERVICE hive (S-1-5-19); the class-key rows are chrome.exe and cmd.exe creating the per-user Local Settings class key. None of it is attributable to the sample.

Modifies registry key

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Windows\system32\reg.exe | N/A | 4

Note: four reg.exe invocations with no indicator recorded; they cannot be mapped from this page to the individual writes listed above.

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\Antares.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\xxx (1).zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\winRainbow.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\trashclean_typenew.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\Melissa.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\CIH-Killer.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\Blueballs.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\winDelete.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\xxx.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\CIH.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\CIH (Infected ALZip Program).zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\芸能人が本気で考えた!ドッキリGP.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\暇4.0.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Note: every row is chrome.exe writing the Zone.Identifier stream (Mark-of-the-Web) to a file it downloaded, which is expected browser behaviour rather than malware hiding data in an alternate stream. The value of this table is the download list: Antares.zip, winRainbow.zip, Blueballs.zip and winDelete.zip are the archives whose contents appear as acting processes elsewhere on this page, and the stream on each file is where a responder would look for the source URL.
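For the NTFS ADS rows the useful follow-up is to read the streams rather than flag them. The Python below is an added example, not part of the report: it parses the [ZoneTransfer] body of a Zone.Identifier stream, groups Internet-zone downloads by the host in HostUrl, and shows how to open the stream on an NTFS volume. The stream texts, the example.test URLs and the notes.txt file are constructed; the report does not contain the download URLs.

```python
"""Read Mark-of-the-Web (Zone.Identifier) streams from downloaded files.

Added example, not part of the report. Every NTFS ADS row above is chrome.exe
writing this stream to a download; the stream is where a responder recovers
which zone and, on current Windows builds, which URL a file came from. The
stream texts below are constructed and the URLs are placeholders, not values
observed in the sandbox.
"""
import configparser
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlsplit

ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}


@dataclass(frozen=True)
class MarkOfTheWeb:
    zone_id: int
    host_url: Optional[str]      # download URL, written by newer browsers/Windows
    referrer_url: Optional[str]  # page the download was started from


def parse_zone_identifier(text: str) -> MarkOfTheWeb:
    """Parse the INI-style stream body ([ZoneTransfer] section)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str          # keep ZoneId/HostUrl case as written
    cp.read_string(text)
    section = cp["ZoneTransfer"]
    return MarkOfTheWeb(int(section["ZoneId"]),
                        section.get("HostUrl"), section.get("ReferrerUrl"))


def read_mark_of_the_web(path: str) -> Optional[MarkOfTheWeb]:
    """On NTFS the stream is addressed as <file>:Zone.Identifier; None if absent."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8") as stream:
            return parse_zone_identifier(stream.read())
    except FileNotFoundError:
        return None


def internet_downloads_by_host(streams: Dict[str, str]) -> Dict[str, List[str]]:
    """Group Internet-zone (ZoneId 3) files by the host in HostUrl."""
    grouped: Dict[str, List[str]] = {}
    for filename, text in streams.items():
        motw = parse_zone_identifier(text)
        if motw.zone_id != 3:
            continue
        host = urlsplit(motw.host_url).hostname if motw.host_url else None
        grouped.setdefault(host or "(no HostUrl)", []).append(filename)
    return grouped


# Constructed stream bodies for three of the file names in the report plus
# one intranet-zone file for contrast.
SAMPLE_STREAMS = {
    "Antares.zip": "[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=https://example.test/samples/\r\n"
                   "HostUrl=https://example.test/samples/Antares.zip\r\n",
    "winRainbow.zip": "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.test/samples/winRainbow.zip\r\n",
    "暇4.0.zip": "[ZoneTransfer]\r\nZoneId=3\r\n",            # older style: zone only
    "notes.txt": "[ZoneTransfer]\r\nZoneId=2\r\n",            # trusted zone, not a concern
}

if __name__ == "__main__":
    for host, files in internet_downloads_by_host(SAMPLE_STREAMS).items():
        print(host, files)
```

HostUrl and ReferrerUrl are present only when the downloading browser writes them; a stream carrying just ZoneId (as for 暇4.0.zip in the sample) still records that the file arrived from the Internet zone, which is what makes Windows apply SmartScreen to the executables and Protected View to any Office document extracted from these archives.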

Opens file in notepad (likely ransom note)

ransomware
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A

Note: the file opened is not recorded, so the "ransom note" reading is the sandbox's guess; no file-encryption activity appears anywhere on this page.

Suspicious behavior: AddClipboardFormatListener

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A | 2

Note: Word registers a clipboard format listener as part of normal operation; these rows matter only as confirmation that a document was opened in WINWORD.EXE during the run.

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target | Count
Token: SeShutdownPrivilege / Token: SeCreatePagefilePrivilege (alternating) | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 40 (20 of each)
Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A | 1
Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A | 1
Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A | 1
Token: SeShutdownPrivilege / Token: SeCreatePagefilePrivilege (alternating) | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 21 (11 SeShutdownPrivilege, 10 SeCreatePagefilePrivilege)

Note: every token adjustment on this page is by chrome.exe or taskmgr.exe; Task Manager enabling SeDebugPrivilege when it starts is its normal behaviour. Neither the sample nor the downloaded binaries adjust a privilege here.

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 26
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A | 38

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 12
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A | 40

Note: both signatures fire on ordinary window-management calls by chrome.exe and taskmgr.exe; neither the sample nor the downloaded binaries appear here.

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3444 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\revosetup.exe C:\Users\Admin\AppData\Local\Temp\is-CQM4I.tmp\revosetup.tmp
PID 3444 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\revosetup.exe C:\Users\Admin\AppData\Local\Temp\is-CQM4I.tmp\revosetup.tmp
PID 3444 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\revosetup.exe C:\Users\Admin\AppData\Local\Temp\is-CQM4I.tmp\revosetup.tmp
PID 416 wrote to memory of 5032 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 5032 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 2044 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 2044 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 416 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\System32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\revosetup.exe

"C:\Users\Admin\AppData\Local\Temp\revosetup.exe"

C:\Users\Admin\AppData\Local\Temp\is-CQM4I.tmp\revosetup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-CQM4I.tmp\revosetup.tmp" /SL5="$40202,6355320,266240,C:\Users\Admin\AppData\Local\Temp\revosetup.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a5bdab58,0x7ff9a5bdab68,0x7ff9a5bdab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4228 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4424 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4636 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3268 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3492 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2668 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3276 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4560 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2816 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3812 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3036 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1068 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5196 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\*\" -spe -an -ai#7zMap14531:490:7zEvent17649

C:\Users\Admin\Downloads\Antares\Antares.exe

"C:\Users\Admin\Downloads\Antares\Antares.exe"

C:\Users\Admin\Downloads\Blueballs\Blueballs.exe

"C:\Users\Admin\Downloads\Blueballs\Blueballs.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3632 -ip 3632

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 276

C:\Users\Admin\Downloads\CIH\CIH.exe

"C:\Users\Admin\Downloads\CIH\CIH.exe"

C:\Users\Admin\Downloads\CIH (Infected ALZip Program)\CIH (Infected ALZip Program).exe

"C:\Users\Admin\Downloads\CIH (Infected ALZip Program)\CIH (Infected ALZip Program).exe"

C:\Users\Admin\Downloads\CIH-Killer\CIH-Killer.exe

"C:\Users\Admin\Downloads\CIH-Killer\CIH-Killer.exe"

C:\Users\Admin\Downloads\CIH-Killer\CIH-Killer.exe

"C:\Users\Admin\Downloads\CIH-Killer\CIH-Killer.exe"

C:\Users\Admin\Downloads\CIH-Killer\CIH-Killer.exe

"C:\Users\Admin\Downloads\CIH-Killer\CIH-Killer.exe"

C:\Users\Admin\Downloads\CIH-Killer\CIH-Killer.exe

"C:\Users\Admin\Downloads\CIH-Killer\CIH-Killer.exe"

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Melissa\Melissa.doc" /o ""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_暇4.0.zip\ë╔4.0\ë╔4.0.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_暇4.0.zip\ë╔4.0\ë╔4.0.exe"

C:\Users\Admin\Downloads\暇4.0\ë╔4.0\ë╔4.0.exe

"C:\Users\Admin\Downloads\暇4.0\ë╔4.0\ë╔4.0.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_xxx.zip\xxx.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_xxx.zip\xxx.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\363.tmp\364.tmp\365.vbs //Nologo

C:\Windows\System32\attrib.exe

"C:\Windows\System32\attrib.exe" +s +h .

C:\Windows\System32\mshta.exe

"C:\Windows\System32\mshta.exe" VBScript:MsgBox("The trust of the innocent is the liar's most useful tool.",16)(Close)

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_winRainbow.zip\winRainbow.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_winRainbow.zip\winRainbow.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_winDelete.zip\winDelete.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_winDelete.zip\winDelete.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\62C9.tmp\62CA.tmp\62CB.bat C:\Users\Admin\AppData\Local\Temp\Temp1_winDelete.zip\winDelete.exe"

C:\Windows\system32\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v WinDelete /t REG_SZ /d C:\Users\Admin\downloads\windelete.exe /f

C:\Windows\system32\reg.exe

reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\note.txt

C:\Windows\system32\shutdown.exe

shutdown /r /t 25

C:\Windows\System32\PickerHost.exe

C:\Windows\System32\PickerHost.exe -Embedding

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2648 --field-trial-handle=1556,i,17198547628406126796,2343614698785292950,131072 /prefetch:8

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3983855 /state1:0x41c64e6d

Network

Files


C:\Users\Admin\Downloads\Melissa.zip:Zone.Identifier

MD5 0f98a5550abe0fb880568b1480c96a1c
SHA1 d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA256 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512 dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0e3282eec0806175627fe579aca015f8
SHA1 aee1db406d7af82cc68a408f0b9e31c2c9152e8c
SHA256 bf6eee6a07f1a61963a568d7a4994eb138418a091e3825f88e018106d952f43a
SHA512 95cd7aacc48b6e4908c94d1da16ed7b4449799943a8757cf7ef8d98d0cb1136624d94d7ef713e07798c0c72195b94016254948b60913b8d2538656b968327c57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 87bd027cfe3e48ef78f5de11d4d7f7d4
SHA1 dce210539e3ee4854954fc5f752c5a377cc1ff68
SHA256 c924b9cf259ac99b20f6210273f4e04144494b2434a73884bcd04459b546c8b3
SHA512 a0e7017241a7742dd2f21e202e2a316a2c2a9574d450e72ea7dd8c7445d92a7e5d0b8115bbf7b9cedd4538d0a3f72e46f56ad18114087eab07918e7216c4a846

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe595654.TMP

MD5 ea89defe15caf286fa95b3db5c136a2e
SHA1 7620585e10aaa30073ddecff616a0a19816e7c80
SHA256 2f1756747bf50a100c31c89cf72b1df8e5241018b9c9e3a52893dea1805cf80b
SHA512 1287ea0cd059f098ae344d3e309811c1341ed9902ddde11a24259fd6e044e9b7982e9686c2cbb977448986ed658efce55088c3e07cc406b82343f128c626d7ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 21e37cde92d502d46748c985a004724f
SHA1 efdf024559ac54a72d6e07632b75aeda5aa2db84
SHA256 46b3532bdf4987271850848d8935c76b1210b68397041caea040871bf82e7ecb
SHA512 be7ede521725483b6ad9e156ba9399c52821f00316e42d6d312951681a4ceea21c326f665f93730a4021a5c40666240456b9b87f6ccd8818ce4beaf82c7dc359

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2bcfe25cfe44c36b1f427c65fedcc828
SHA1 4a0c6020c6eff791bbc45e2354d12a7d205ea6d6
SHA256 0b0a7c869a5355f4e212acc44091133ad84f51a834ccde25e4fc6d9af83093ff
SHA512 dca060c5cce89f87c631673e47d5d84beb930ba799b7dd540153d8571f6c7359c5de094636949801935a3cb162f9f39382eede55c689fa23a50445c58610e3d9

C:\Users\Admin\Downloads\CIH (Infected ALZip Program).zip

MD5 a3ee5f3517bb118ccf3820a09e27febc
SHA1 41dd21269b1c3fac8649b14664a5871b6133fa1f
SHA256 69e738bf544580c92e32465856c7ba2b8b20236cc9a412d12885395fd55ec6d8
SHA512 9583c315c09ac331924c7c0e87b8834d350f6a37a42e6366f288b6d49ca1fbfbb9ea9d03f1d4c09362e1707bea4c304840614fd8044463faa51677762852f614

C:\Users\Admin\Downloads\CIH (Infected ALZip Program).zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\Downloads\Antares.zip

MD5 24d1d39b81100be46c0ca62493d2f3e5
SHA1 cdc391397bd06c91572516f8da34675d5943f11b
SHA256 4d2eb15ebfe4f59f64e5446ac5c142a225e925aa71f95f034efeab0923309eed
SHA512 707ac174c44173af517a42436a1fe3ff164c899f1d701583805faf3093058e4eecbd08f42a3e18b8a46e569b594d54560c8c7cceaf52289b9b663152f7a2d527

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7481df98f2765019b016c5e98811bfe9
SHA1 3e02c6a57f93b3b0251533767d59e06d821bed19
SHA256 a680abfd99e8be8340557bc910668b95591ca31b4f0ca242185995f554cbaff6
SHA512 c64832dc0a3b2e725a916d4ca1bb2891b35695d35dcb23b5ba86a80ef107adcb1cbfdb32daa2b45b33e52c34b34f04b2d736ca6533cb42cd6236b49a83e5155f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 77bc8cdabfdc079c1a9e741de34fe35e
SHA1 e29a9f290b6036471406d5b268b461f1e5248655
SHA256 e32b342ece99bc3974df02c6ab218bf4dbacf224ab81d9ae1a582eff13888453
SHA512 d3aa5b9bfc91f5d5eba4e3b0aaa2f63ec3d995a46f968ac3f3156d57c524c03f592025b928c8bdfde1312cf99df1c274d0acd4d895deb7952aeca36e15c16158

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1574a973481e28781fd4c0d42930e5b5
SHA1 756f73b99181637c4651570f3239438e81b4d2a8
SHA256 b995c221c6c1cc3e7b6cc7063c9f8d7d50765fafaf0105d95e7151e551f582ef
SHA512 2062fa25dd9a378d16ca069d7ef67ece5ffb7a52de3ad37338b1c34ae2bee0f8179e067ad4d6d9a1e41628c00335d04f34267e14bb2d2e345e2d3af56e80033a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 423e1d22070acf1f1bacb439dba7dd26
SHA1 0992641673e9812ddbd5a821331ada47ee3f6ee5
SHA256 52a0957bab50c76c434a63011149555a9fc3095eb69d4a13d2ed34850474a3e5
SHA512 9d245451b910e880117c35cb7eeee0de1c261e0667931b2d10ebbdb6b1d2304cb182007e2ba46a31016893edb5972ee9afc30882e1879aacf40abfe738893baf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fbd1e124423b73f5ae7e8c96aa6ed4cb
SHA1 1c8cac2d19e37f0d27462fde1d98b3083639b712
SHA256 890b17174665ff3b8bed0e598d4126ce7b68dc56ef42cbcdcdfda2409fded9ba
SHA512 532645be5d39e1e8a859f0474ba525d33841afc1f1f4d6ec4dea887692f6e1f162ff8658e5324956c0a37c87fee22fbc647c03cdb54f5062b2f745008b05884e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 517b4817e79d19c29d2dae768172c741
SHA1 cfbd4ad584cdcf6dff4a81372abaaf7442f67d41
SHA256 36607e0b414472a3a2c5e74aba890c0462700521dd9ea8a288c4c82fd2eca812
SHA512 809ca59d7ff1261dc0ba854875eced1d1fc9fae39d13256cce7ceea0dc70a09567fae957c70a77c3b7d2920f7d42e370728e7b0793da2afe9381a0f2d09ceb44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 16df63cb915ee5e185515970d722f848
SHA1 9900692019caefac92c3236b9dd0f82e8a4b75eb
SHA256 ececc2330557b12f0adaf20e072f895430597f0b1fd8ad0bb2d7987f488f949d
SHA512 fa801a4a03058251d211742140d2d448415398ccdd062686333048b87f550b033e7375b6f6c86d6b337fe2a1ef0ad9eff9a22fa242d6893f4c15657f501e3b4b

C:\Users\Admin\Downloads\Blueballs.zip

MD5 b51f1d7dcf8a0796689b8f27ed72c1bd
SHA1 cfe9616d36f3804e8f73870b71fe441cb2c4baf5
SHA256 a9f94c14572788986cc449bef1e14024d5b922a238076d9776f998f074f6998e
SHA512 f990c8e7bb87d0de1848f8990aa51c94c928f71532b244fa87dda1734ef603e7351a7475948d192f17dbbe87a2e350a92c19370bbfcda6628d3433280ca2990b

C:\Users\Admin\Downloads\CIH.zip

MD5 81d83c484d150d56a1924b2021752065
SHA1 4421d254f4784a3770166a2e116f3dfe3fff3a68
SHA256 6d87b85f561d6c25a7778d61ad78df07a3f1e7a8a7243bf0b8c152403feb478f
SHA512 9b52eea2ddd645f12a932253e4a80fd720d3a0c4f1942b027fc015b07ee28e37417382ca45308767efe619dc387ed2972a81a84edaf3170bea6ad00df4c7c351

C:\Users\Admin\Downloads\CIH-Killer.zip

MD5 096740f7ccac3025cbc9ffdd16da2c6a
SHA1 4eb12d4868fab98146e203f49ac100ff95ae7a56
SHA256 13f633ebffb450dfdf7f97d8e08ff59be408add0b333367d2ff15f2e69ec030a
SHA512 e46353d8f48f4b9d552b3ac31e826eb463736354ed4d0f799361312908dc4aa413272610baf90c3a4a4c7fee14305958329660e989b188cffa912f39933ea5c5

C:\Users\Admin\Downloads\Melissa.zip

MD5 c9a2ec1369b8be541e1ae3b985223051
SHA1 0e7f24fcb7c803ed2e929f0f7b745a3191a1a58b
SHA256 3825ef48194e8de2d9ba12fac1720c93180381053f97ae5f7d3aff7b929364f9
SHA512 80dd7cf2e754b0d3e7a3f1a1223d95b92210492e305f82bf436fd4150bda295a67e74f6e55fa7b5a992dab271ac9de1cbf6ee1555ddc3e250be1031ff79aec7c

C:\Users\Admin\Downloads\Antares\Antares.exe

MD5 edd7a751b4676dcd2065d7d44dd4c902
SHA1 402314bcc3b1841509e2e357023b688697b04e62
SHA256 5bc2d85780a31474c02e92a9a5ea73a82c8eeafe483197cddf1d2ffee473266b
SHA512 d38eb6b5bbda2ae05bbfb7d81a3de16075e7720b623418e0a3ef4f5d63487cb77f59ed8ccc3ba5dfbd7d01877d0d24d5b46a5bda64f1d7d5686ed167d2a54667

memory/4704-1009-0x0000000000400000-0x0000000000448000-memory.dmp

memory/4704-1010-0x0000000000400000-0x0000000000448000-memory.dmp

C:\Users\Admin\Downloads\Blueballs\Blueballs.exe

MD5 e9448ec656ac8c2a7103d676a326683a
SHA1 5245f2967ce59f2d3c2c1161542f59257e4a16f8
SHA256 12159f0ad528f528ee4b6331e948ed46e6064d1b584f5655d04e6dc90a6545ba
SHA512 3dd611b77071317c93ee0c37a5331c606e1eabb3cfb10959fd1b171c0473493e4398c0b649ee743331b227a0e21eac8fc324e7d62569da6b8a12ed6cff616c35

C:\Users\Admin\Downloads\CIH\CIH.exe

MD5 0255ab089fc9394e2339cf87acd073e6
SHA1 26eb457addb60f31b88949a85386c5a3b507c6c8
SHA256 65317a4bf674804d0d98dfc695b8423ea07a4f9b633511f5371d6f0a97a86e7c
SHA512 faa7ba49de396eb11d95fbe28faa5d228f307dbbbaf83b5d78f6c29f20d07be9e466d6d965c8209bdd580e951528f2057fd981778972e82dfb60052af96ec4d9

memory/3548-1014-0x0000000001020000-0x0000000001027000-memory.dmp

C:\Users\Admin\Downloads\CIH (Infected ALZip Program)\CIH (Infected ALZip Program).exe

MD5 7bc322d95951dfe16e8cf47ee586e909
SHA1 8c869a4b57a47ce0e9c578a33413f125d58dbc47
SHA256 6bf4879e15b5e25b35144fe4e136705afb501b21f78eb1cacf45618a1452d272
SHA512 a067d58e0e6bd78b712df92dcafe0f7e06fb9ae7467846e37bd4365e496d581e68a619527188a6202bdf233c11a04d36c7e6b3779da9cbc5c3e50c523f6ab133

memory/5088-1016-0x0000000000400000-0x0000000000410000-memory.dmp

C:\Users\Admin\Downloads\CIH-Killer\CIH-Killer.exe

MD5 96501416085ca7b7d0993aca886c4bfd
SHA1 c0c83d51624208c43e5d09437d632b68c5f0242f
SHA256 198b2e5d8ad0c57265f0865fb9a9e5f1b2c5b305e613ef8318dfddc136fb4615
SHA512 c6a88617ed694e947ae6b2a384ddc959e2d0c3c939b3a8cd19a7429fba9ea7fd2d76e0bb9fea6c142cbc9ee72b8b00a6ada8ac26b96790e03a366664525669df

memory/3200-1019-0x0000000000400000-0x0000000000406000-memory.dmp

memory/4880-1026-0x00007FF986310000-0x00007FF986320000-memory.dmp

memory/4880-1028-0x00007FF986310000-0x00007FF986320000-memory.dmp

memory/4880-1027-0x00007FF986310000-0x00007FF986320000-memory.dmp

memory/4880-1030-0x00007FF986310000-0x00007FF986320000-memory.dmp

memory/4880-1029-0x00007FF986310000-0x00007FF986320000-memory.dmp

memory/4880-1031-0x00007FF983EE0000-0x00007FF983EF0000-memory.dmp

memory/4880-1032-0x00007FF983EE0000-0x00007FF983EF0000-memory.dmp

C:\Users\Admin\Downloads\Melissa\Melissa.doc

MD5 4b68fdec8e89b3983ceb5190a2924003
SHA1 45588547dc335d87ea5768512b9f3fc72ffd84a3
SHA256 554701bc874da646285689df79e5002b3b1a1f76daf705bea9586640026697ca
SHA512 b2205ad850301f179a078219c6ce29da82f8259f4ec05d980c210718551de916df52c314cb3963f3dd99dcfb9de188bd1c7c9ee310662ece426706493500036f

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 d2d393b7b5d35d025ed98a03fa939638
SHA1 483c2ebfdd96bc4d86c49f9b0c1c08b7416a056e
SHA256 8df4ef0fae9e88abf12ba2689a6d053fa685073c0233412cc9c6061700922f6e
SHA512 f85e0759accc31ac0a004ff42f97ce44992f59d608eedb618d052bdab1d4d4200de2948d483324a8150d70b8acb5eb73830027ef23541a82461b48949ed850ac

C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp

MD5 f07839cccf4313e3e72130c83d31d715
SHA1 01c878896842b11620e5b7a54d64831a4f0e26ab
SHA256 eb5b809e1074ea00b8eb736499b4f6112f78d131ee64ab14771937be872f036c
SHA512 2e3fc25341d26a273fbb8d45e51cfbabf20913d13c2c2dac6e0f81423c1a3dc3c3f4edca6f918aa29cd13c37e1f30b4e98b31dbe89b83a9c4f5a2b7d63992b93

memory/4880-1124-0x00007FF986310000-0x00007FF986320000-memory.dmp

memory/4880-1125-0x00007FF986310000-0x00007FF986320000-memory.dmp

memory/4880-1127-0x00007FF986310000-0x00007FF986320000-memory.dmp

memory/4880-1126-0x00007FF986310000-0x00007FF986320000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 76b7811238f90dc62fada93c0fedab12
SHA1 3e42921651bfa0d0d52f21cdebd61d88626e2478
SHA256 ce705ee0cfbf090c505c8f1988cf3d885d6f6a4c2c479a6e651196b4fc938547
SHA512 7abac21e37b5a9e164c70023293b71a99ea729f76f59f5d2fd0e772fdb2a39ab4cf5ecb4facceda1d929c0dd21abc21abdfda707641cdf4af55199189601752c

C:\Users\Admin\Downloads\芸能人が本気で考えた!ドッキリGP.zip

MD5 94231658a47f0c29ce8cbdb4e5e7b344
SHA1 4dd6c877b2b2bfed7243bdb37a3a18da88a7f1e3
SHA256 b0eeb06ecd02306a38b4927c19c11ee5427a27d380d2b0ae6b7a7a79abb30879
SHA512 862751f7d9aac37de90efdc66ff29dd5230c655acf4d8cd7e6988e6ce5b6a918c19f99d1326bcc63c662205ec920c7efc3908c45fea1670e3412b7ff0d9fb8b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0e01e0c7ef84a1b044763f8009f0331a
SHA1 847882540640c70a1d18cec570b19a3ff0adb96f
SHA256 b242d3baf1e8e66e0358a190ddfd64ba5e17cca7519c91c0818653a23824f6f4
SHA512 36b111f48a632b5590013696d39ba95320fe0528df4430d761d25d5514f85839f905d1187d89f2d165800efb38f7655ff8b85a3feaa0676113cd05bd017a5478

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 07412e051f966197758d53e965caa765
SHA1 001275287bdba05a63bc69ee469ed4d14e3a9ed0
SHA256 68a45154deaaf99ce89b6b13322f01645c7edaf8f912313ab5df5e7ebea7175a
SHA512 344aab885e7fb8100ba42d107a2885c68301adeaf91e61f6071033ebf085d2d69e79cf313232e78917ae2c042bc30079e0893eb48379f564c1670595c16f1e46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 f1ac6bf7c770aac22b23284b04b23056
SHA1 12528dfff0e89efdb986dc1cb5acf1c2dc14d370
SHA256 782ef6b68a6c4322313085f05801495fdc0d119c1effe16205a5a6c9f2bb9da2
SHA512 1be18ab2f89e01083ff50f35203a962b0d1e12a4bbab1c7f898ffccc968200c2c644ca6b69fd0386c7e61e8d1454b52f388dcd41f1c1b552f9d3f260a5b6b7fd

C:\Users\Admin\Downloads\暇4.0.zip

MD5 152516c46be9d942fe302bf5575f306f
SHA1 e60428efa76ce932c06b628079104e9be2ebf1dc
SHA256 5bdb3ec81729a936fcd2083e24f5cffc00ba0f580ae7d2ccc069131054e51c7b
SHA512 36d5aa916af6d90a5702b4375225706368bb4a572f68dc2649926779268497cfcabfafb41c2b1d0ddba074d0dbfa180ac6a3a3e0681e6e1a6df51cab07ff028a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d745a24e7398448afa6c6eb9e1aec1c9
SHA1 f5225fa9d1a7c34cc0d4abb564304682f4ae7e70
SHA256 b1fa0b8c983b361cba1542a76a958f986d59d701324b482977d0a217b8b47730
SHA512 2ae0b7c666eec3abca1398f1e7ce333bad3b5145dd2a8c596a553e3421ff4b4db75b58f4a11eb1e4af2d3ec3c59a88282a92b1e96a9b032f9a16eca082674958

memory/4260-1199-0x0000000000400000-0x0000000000407000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e853d8ac40659cc3b445d93fcbdd042e
SHA1 e29d465194599a0a68a3db34dc4950f3c9e7bd78
SHA256 b86f6a381719c7de63f0dcbce5da0104c5e3e5bf39399253f55b94247f1c7258
SHA512 0abe60a9bd99922216d497a6f6acf02dbf46640742ae4e8fc1f63be02bf1845f377e9486d423a7405b4918e0fcfd0e85362ba7d5cc282b9d9d413fdf5e113afb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c1a0788116d39d8a0df54cc71ba5b0ea
SHA1 52c3c02dd3f89c24f35132eb4c2532ae868f15d3
SHA256 e51ba9b108274c69b21e0b22651f7ff497f9818e8ea85c1387a560cec1085310
SHA512 fd01e8cb7bc3ecc9c32ba0b1516deacbc8f853e0e5fb7d2e45d6b399c1528706e481e0d2373b77e058aab5bc8481c5e14edab9f8b529a26650ba19b7e20dc6b2

C:\Users\Admin\Downloads\xxx.zip.crdownload

MD5 4f54e82d9ba3bb444e926f3b3298b020
SHA1 75db000f6e76946253a07dc55882398c693d134c
SHA256 39a6d5c1ff799dc641fd88323c5e4b4c79f41e0645627cb422b3d5871d4509fc
SHA512 1ce4dd2350e2cc4e94fb8f7fdc8f937feb7400e12761996124ffd4be1b2a9788ac1a28cf313d8432f44e450842a0f00af4259849a8df4333f420f304dfc61f4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4a95c4eb3b3962476f211687bd9e7d94
SHA1 2b270d8ea30f239e429d1b8fbde1b61608a45578
SHA256 4309021ed9d90ddb1710e4b374108cb8d2e128e0156473ccbcf1b6acf14643fb
SHA512 573e7111d5ab9adbb78e1a4eef996265c8f355c2cf1ea55bfdb330710e726d635c5e6f276d7d021ea33c097c27e134587b4ab891994b17cb76409f5d829e2d2f

C:\Users\Admin\Downloads\winRainbow.zip

MD5 d726fb90a27f57a0e8da099c4896c258
SHA1 8476b2f6653466a2c33887caa6773738d8e15008
SHA256 f2a203f3227c5cfacf8550831c2135b4a618012ba9282685d79232a6826d50ca
SHA512 39c2acf8998bca8a9d9dcaad62ccd61c8e01750ff9cea823465f558bd9e78d1040abcbd7ab5b639ff5849a5bd4753113e30d7ab211066a23f364966602cc3ceb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 41c98d9033a1b6bb73656bc47e8d2a9a
SHA1 24c430a271b5aec23826c375cb48e9b6fed93809
SHA256 e42caf194c2d36eeb201f7cea5a51ca548cbf6427bd31fc6b1442e3d34ffcac5
SHA512 db79c2bcf3304aae115d30b2ce3fe85bcb6dd94e424ca9680dce37e673af86e38836bcebb0cdbacad1089534d0ce3a77c73909c99b972746016ee594ae02dc8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 75257c8b73496888b84d2332da272bbc
SHA1 b3e76b0d0ad3a44f0dc23171b298812d250705ba
SHA256 163be59337753471d06d0839619a274537a254a96957cb86df06555c9dcb5882
SHA512 cec578fca7a9673c65b321400fad4a14a4c99658e34384d1df9cddbdfebba447dedd0ab343e5838217bc888f8d22cf80352317e1ae2f24947899e823ea2093ec

C:\Users\Admin\Downloads\winDelete.zip

MD5 544bd261c3c3067b9162ea733037a744
SHA1 20053163193a130015ce0830df1c36f092591b89
SHA256 3b000c1bcd29474e32b81cb157a2423bdfc86188bd84f3af4840bb57170e3964
SHA512 a6a50054417686aff246eb6c670757cd190f4a9429eb796362471d6d568ef170172f39fd00f83955e97ae818e9860e848e44da2716a8c813518209b6130547b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9d9cbf366d31e3b4d98d2ca73141c2a4
SHA1 13d1e2e4cca53a004e1b1cc97ba9860fdec70e1a
SHA256 dedf30f3156e8e0401e10a9efeae57d8c2991c1fc0c9a239a78c77ff03554b4d
SHA512 8b5f360819e7692f4772dfb0f07b4237832394df6e58f71d88673c4a6237dab1279480d66a791bfe67edcaf2b3c18a6fdce3cd8f1da1e27748b707a1db0e5565

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b470e66673df0fa963c8d47a70f3cc41
SHA1 fb3adfd196ac54b5457129fb4efc00c829a03a99
SHA256 d33972bc4b43e92d7d8cee5c0cb7e68ef87f1ccbbd645107df42f32aa4c7317c
SHA512 4a2bf7785f1908ce67ba714f94e658bc6f278af2b3f0793ab4ac79c99a397614c63377b68abf39e55a96aaf8d70d237fbf91291288773e09fb70c24cb41e70a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4e2f15c3-884f-4b84-be9d-af8eed2cb0c2.tmp

MD5 05e04b9d797161a7615f3d81d0b5f01a
SHA1 eee23b774d81b8b505401e6f20cfb30fadfd4c91
SHA256 0e9c01691187c3a79fb59a20776f361d75fa824da911bc6095d8d44abf0c9f32
SHA512 a5cd898435a25e808352722e7da990f314209d69ebf4947c0b4f802f3b5455dac36d88c7f9b3e826ac9494175422bd0b74ca241aa19d0c5c248a0d0663f9c5a6

C:\Users\Admin\Downloads\trashclean_typenew.zip

MD5 37f49ea98aa05b9fca076c204d2f2b9f
SHA1 d7b0f17eb966dfd1266934615a296eee19c4bc72
SHA256 e24d52c7a99338042ffdf2e3275fa5436e0a020fac325efd7673bb3874c0a66a
SHA512 808059e3b6ac9ffa5f09b7b7a748484c8f2f16b1c4ce64accc16e889f3c064ba95fe6f1d2f53166945c9a5b97cd9734d3750a137e3e90f9635706f292ab8edfa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3f92e15ed1dc2cd27013b2be9b72ce53
SHA1 84ac9696f1ae3d954faa6b0849f2c324b750abd4
SHA256 8447f1f5887b536bfef61cecb5d1a6ccf763c7720a36234620bcb0b2d95c042f
SHA512 18e9724510a61e5950f15446c03562a4d2ab7fae6976263e36641f71c372a993b9b72ef4a463b743741bdd41a17b7c4c42cfe2907d252a402fbb18bfbdcf3607

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 82d72a207fd019acb9c9469844484843
SHA1 b49074fb41d64efd4e02d265f66e5e5c734fd6c0
SHA256 5317176e3233de5a94bc127e23aff87e1899569a76ffa387f4722bf5c448c6d6
SHA512 ceb82bc893c8b042bbce39b4d2f03543dca1f9047d35025202ed6e3eb882ad2226e9547dad63d624f967b12cc7388379e57c396d8ca0cea073418707b3293221