Analysis Overview
Threat Level: Likely malicious
The file https://github.com/pankoza2-pl/malware was found to be: Likely malicious.
Malicious Activity Summary
Disables Task Manager via registry modification
Downloads MZ/PE file
UPX packed file
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
Adds Run key to start application
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Opens file in notepad (likely ransom note)
Enumerates system info in registry
Delays execution with timeout.exe
Modifies registry key
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Creates scheduled task(s)
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Kills process with taskkill
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-16 02:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 02:49
Reported
2024-06-16 02:56
Platform
win10-20240404-en
Max time kernel
135s
Max time network
168s
Command Line
Signatures
Disables Task Manager via registry modification
Downloads MZ/PE file
Executes dropped EXE
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5B89.tmp\\MBRKill.exe" | C:\Users\Admin\AppData\Local\Temp\5B89.tmp\MBRKill.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\5B89.tmp\MBRKill.exe | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629798936335885" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/malware
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe3da99758,0x7ffe3da99768,0x7ffe3da99778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=2124,i,15235027374563149257,10541288934712064217,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=2124,i,15235027374563149257,10541288934712064217,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1840 --field-trial-handle=2124,i,15235027374563149257,10541288934712064217,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=2124,i,15235027374563149257,10541288934712064217,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=2124,i,15235027374563149257,10541288934712064217,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=2124,i,15235027374563149257,10541288934712064217,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=2124,i,15235027374563149257,10541288934712064217,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=2124,i,15235027374563149257,10541288934712064217,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5392 --field-trial-handle=2124,i,15235027374563149257,10541288934712064217,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5528 --field-trial-handle=2124,i,15235027374563149257,10541288934712064217,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 --field-trial-handle=2124,i,15235027374563149257,10541288934712064217,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4664 --field-trial-handle=2124,i,15235027374563149257,10541288934712064217,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4764 --field-trial-handle=2124,i,15235027374563149257,10541288934712064217,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=2124,i,15235027374563149257,10541288934712064217,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=2124,i,15235027374563149257,10541288934712064217,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap1928:66:7zEvent11698
C:\Users\Admin\Downloads\@䗊𤍳_㱃ͷ戥̍뒿.exe
"C:\Users\Admin\Downloads\@䗊𤍳_㱃ͷ戥̍뒿.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\5B89.tmp\4aByo.bat" "
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\MBRKill.exe
MBRKill.exe
C:\Windows\SysWOW64\schtasks.exe
schtasks.exe /Create /TN "Windows Update" /ru SYSTEM /SC ONSTART /TR "C:\Users\Admin\AppData\Local\Temp\5B89.tmp\MBRKill.exe"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\5B89.tmp\noise.wav"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg delete "HKCU\Control Panel\Desktop" /v Wallpaper /f
C:\Windows\SysWOW64\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\note.txt
C:\Windows\SysWOW64\timeout.exe
timeout 5 /nobreak
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\waves.exe
waves.exe
C:\Windows\SysWOW64\timeout.exe
timeout 5 /nobreak
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\inv.exe
inv.exe
C:\Windows\SysWOW64\timeout.exe
timeout 5 /nobreak
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\scare.exe
scare.exe
C:\Windows\SysWOW64\timeout.exe
timeout 5 /nobreak
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\glitch.exe
glitch.exe
C:\Windows\SysWOW64\timeout.exe
timeout 5 /nobreak
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\wide.exe
wide.exe
C:\Windows\SysWOW64\timeout.exe
timeout 5 /nobreak
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\smelt.exe
smelt.exe
C:\Windows\SysWOW64\timeout.exe
timeout 8 /nobreak
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\5B89.tmp\noise.wav"
C:\Windows\SysWOW64\timeout.exe
timeout 8 /nobreak
C:\Windows\SysWOW64\calc.exe
calc.exe
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\scare.exe
scare.exe
C:\Windows\SysWOW64\calc.exe
calc.exe
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\scare.exe
scare.exe
C:\Windows\SysWOW64\calc.exe
calc.exe
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\scare.exe
scare.exe
C:\Windows\SysWOW64\calc.exe
calc.exe
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\scare.exe
scare.exe
C:\Windows\SysWOW64\calc.exe
calc.exe
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\scare.exe
scare.exe
C:\Windows\SysWOW64\calc.exe
calc.exe
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\scare.exe
scare.exe
C:\Windows\SysWOW64\calc.exe
calc.exe
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\scare.exe
scare.exe
C:\Windows\SysWOW64\calc.exe
calc.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\scare.exe
scare.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SysWOW64\calc.exe
calc.exe
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\scare.exe
scare.exe
C:\Windows\SysWOW64\calc.exe
calc.exe
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\scare.exe
scare.exe
C:\Windows\SysWOW64\timeout.exe
timeout 30 /nobreak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 --field-trial-handle=2124,i,15235027374563149257,10541288934712064217,131072 /prefetch:2
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\5B89.tmp\dead.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im svchost.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.238.32.23.in-addr.arpa | udp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.179.89.13.in-addr.arpa | udp |
Files
\??\pipe\crashpad_4604_ZOQQICLRMJUSTDTB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | dd73ca8e89bf3af539ba03b69aab97c3 |
| SHA1 | 2781a3851b7f2b1bcb665b7dbcd62a2a09b9dfcc |
| SHA256 | 911f760d8db434228fd26ed58b35c7f3ac1cf5dd18745478b9099e88fc3ef99b |
| SHA512 | cfb4ca03df37f8c90e47c73a985be2e08be58583e725c88f555f8f6664ca65bf7e4cccc905c1feffea4c6535577bf790a06c3555d8029db6334c9bfeb5a87b1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 369d4e84d05c5484c9fcd068772c436e |
| SHA1 | edb3e7adf02e1b5ea41128aef354f7c7432afa48 |
| SHA256 | f0c39a50c9aa8e18f3deb2410c3ac042a3cd1022746963d309c2a47c8bb4fd70 |
| SHA512 | 72034464a9b21d81008a205e150807b47ada8b8c2dfa19adf11fbd94026b6bd508cecbbbce76a1b8223779f603194d397184c1c019f5ffc7034264b06365f34a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ac4b720391c4f8419e2d9a6c9a2fd9ef |
| SHA1 | d7d00cd46940900e3ba82311791162faa7e1ce7d |
| SHA256 | 83d7a40a71b8fe95e5a18fb1780cdba9194cdb546134009caf38374ec7f7b2fc |
| SHA512 | 0a8d2f0623709703f0556081737e199f7cd48c9ef7949a31341d2559787d7bed0e161f3ef0a84c46063662d3aee6a11aa4c5ea5310ff691e726168e8da595bae |
C:\Users\Admin\Downloads\Monoxidex86.exe
| MD5 | 5c378b11848ac59704c2000b4e711c30 |
| SHA1 | 6a46c53fd89b1f66d3fdab7653181e8a3e56d418 |
| SHA256 | bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e |
| SHA512 | c6fe33ff3825e9018abea99ea49dc5221f2abd96bd1099def898425b82c05f9b9ca1aacaba0b7ffb7d09a7d097eae9937abdc13bbf3e7643e24e37edc7841c48 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 04a0098eb2f61604578c38fffcb24301 |
| SHA1 | f98708c28ff0986f227781ba6ab8ed32494320f7 |
| SHA256 | 0ec568526ff933bf1ff0f9a042ac8b38de771dccd6708a771d34a2b5c49630bb |
| SHA512 | 3f42279b10e0b5e9bc1ae1a7656f3eda706b0997575bafa9e78d2aab2661922b5f5c1bd29a83b975198726ac78c68dad8643956a98d829000d5e6bf6c4430664 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9068cc7a-08f6-4e7b-b138-aa2816dec967.tmp
| MD5 | ae148e505032bc74e379fd7eeec52b04 |
| SHA1 | 9b0f81a853ee4f2a868aa153f6fc915fce81ca78 |
| SHA256 | 9d6e730d66e15f82ac9f34e82a101cc28aa3b4e9dc71b4d43c7fe1a58e7a51c9 |
| SHA512 | 4d8d85b8b3fd01bb35e0917d97eb13cf4b1d1d0cf16fb8ddff4922538689818f34dc4ff81f70b3d1b8e4c522006ac55cf04f852e5528352402f1dc1ab3b077e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57fec3.TMP
| MD5 | a2ce1a7555854f9ab3ba7808d326d4b7 |
| SHA1 | 96477f6f87dede0b579a5515a2d51bbe57d9d090 |
| SHA256 | d8ba7a6ab53b83711502c1a24ef9fe018eb19ecbbc3452f5caa6253dbae3cb99 |
| SHA512 | 9f1cc6b735e9ba45b8102df1efb0c241d8802ec314c9b36e6f24cfee67491a8ff7ab466251235bfa9e175094468e5dd5a8fb2b13906df5180a34a57105ce798e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4fdbda43b2e96e9717013309e4276ab8 |
| SHA1 | 960410dde9e8ebda2f5914a4f973e76b738b89a7 |
| SHA256 | bda0bea865b056607c2ad2b63cf0b6aa1aed936db9adbad860c6920a17f8448d |
| SHA512 | fe564c47ddd7e8f5958082818e23c6452e4b836365ab5fa4d35b054700ad133c131779837b761782174337c4737ea9ef98f730df2ebaa01906f1ccc46124b55e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 15b973034d1318a4621a11063ab35361 |
| SHA1 | 7ff9f87a855d69c373ddde89390347670eb95a0f |
| SHA256 | 37a0adeeb3e2ec164604a42b6f69e75e974dde8ea37791a1c4bedd27dcb5360e |
| SHA512 | 9fdf48a74e122bffacf6e8c50ac6417812cb50d8dd9b5dbf7ff47217f4bd880353155ea4f22d035023aa8e8616e3c0c338d4fcbcab8769711139ebe1baffbd0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9c1e17799f5f06ab97f9fdffe6cfbf2a |
| SHA1 | 61f382deb527ce62b893f808f78ff77de80a2563 |
| SHA256 | b07aef0c64a7c1421a0e32eb9e8bb3f042649648744e8ad463a54056ff8caa29 |
| SHA512 | 1c3862bc5cbe56318bc5549f5c1c6cc39163e63b7d77d57498b3efbb7215f26a7642a1bb268528e6d19d6e07715fcc44267b589f268a2e4a552ba2ce7c5e63a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 23b01fa9e77b5e855abb09d65655d601 |
| SHA1 | bc8ec50ca90a1b4c896961d6964f969ffef5cd50 |
| SHA256 | 2851dbe8b24ca6adb61dbeb634ebafee7d7ea8eaf3b8e29a906fd0086184c233 |
| SHA512 | 1e773edbe58ab0d479cd51c54f94e328b1010b9f3e862d1486615aad41456573918579ddd68313cae80167703a5b44b0c0c822c589e5ef986beaf2fa8c9b737f |
C:\Users\Admin\Downloads\@_.rar
| MD5 | 3c5b4daab72923e28be0827ad67453dd |
| SHA1 | 926050c0651113052b6be79c94866aa45bb3136b |
| SHA256 | 1e2bf07f4c56b026eb9a035edb528825c8bb3f33f24fb5ab21cb4b63c4741801 |
| SHA512 | 4ea18205b7f49bc7895d923dfe2d134e3a8d2aa391969f9497add125234f098e8022ab27583af879de1eb07be83afbe855947f3c256b7ca96383f7ab4d395817 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 3d8e4626810e43d7b685c2929a1dfaf7 |
| SHA1 | 9561e4216fefbb82a000fdb2278eda3747eef343 |
| SHA256 | 9ed1ab2d3543373c484765d81305352ffecc660956f96b1e8b767eb3fbf0b6d8 |
| SHA512 | 6b4ccebe1ad1d96d8e08ce3a3dbec3d6571307cf1d460f75f5e080f111709ae935022d64699bfb0c09d1a2fb36f2849d815ef9a1ed43572e6bd44531ee19dc84 |
C:\Users\Admin\Downloads\@䗊𤍳_㱃ͷ戥̍뒿.exe
| MD5 | cbe6ca041ae24259c56d8314a98d2f08 |
| SHA1 | 383edb54faf8f4a01bde3875d0e58991f6f5b7c2 |
| SHA256 | a74ca072d58be1391eea127151a92e55ecc0e37c85d6a372542d037a3836e04c |
| SHA512 | fbbcbccf73b4ce36001e62d581ca5181d728a791b4ff5fb58ead33ed0c096b74b3e8b14afb9d789e63eae67728a0a1cad75ab72fa81953ba105957a91ce3f660 |
memory/3248-300-0x0000000000400000-0x0000000000778000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\4aByo.bat
| MD5 | 172916fc3b38a73e6550aee044b9fd47 |
| SHA1 | ceb94474992cd8fa55348dbf415ad3e908501a54 |
| SHA256 | 0ff8d1120acb367b036812112e180e386031f748cf359792c2d8877f3c629ee0 |
| SHA512 | 069b9f032a7ea5194d6ef1d0f19f3a1e30524f12ff9d55a31239a43be76b39d19cafe5c148dcd283c31b1b98f3b1148342d9416471066c33946a4d509ffa3607 |
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\MBRKill.exe
| MD5 | 70c47432ee7a3638a1d035698aa98fb1 |
| SHA1 | 45502281a996b0ec20df640f6a237edcf49660e3 |
| SHA256 | 8636cba6f66ca63b46423f1d690e61693e6d2aba6f7212973fd454c5acd07dc4 |
| SHA512 | b54b060ab92eca123f7442810c25b4d95c0064ceb84796755091e63a817b68abc5a3a8cd2b42c110dbf11cb341f1e77c2095701fbd3ba4d09b4eed7582f7fd94 |
memory/352-325-0x0000000000400000-0x0000000000423000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\noise.wav
| MD5 | 4a22c1b487dfe738bfbeeeec69ad0f97 |
| SHA1 | b3ae400d0cc54020508f6e6606a5c78f30b41e53 |
| SHA256 | 14701f2797e8a89627a58379c21705846bd3a4d1ca13c20ca762fefb713a7f84 |
| SHA512 | 3301169bd736d935a787577e2a25cf80c084726140b6ff2c145b599a5252d9b8a193f12e6ee464c1fa348013e423a4126a235f3aff480c206323aeec33590de6 |
C:\Users\Admin\Desktop\note.txt
| MD5 | 61a34f1498c3f5b9018f6eb8523d5285 |
| SHA1 | fa68bc9c5648c5cfe708ea9f5b6d9bb7efedfe2f |
| SHA256 | 7977c0d28a6e7111499f42835d9555fbe9e4a2946ab09deb5ee4c31b745f357f |
| SHA512 | 6927caf8fcc7e462052e65d136a25baa40a4c2b871e465768bb494d35be3b45cb9aa348fb992779c4e4ec8cbde837558012f4100a1089481217934e6a55cd852 |
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\waves.exe
| MD5 | d8e680ae1d2edd79fc67b784b3a47921 |
| SHA1 | c17dc567d2734a0e15c9d1d59808d56d1ae2da25 |
| SHA256 | df6dcaef3930c089873e74f85ec7f6bf390f84bb173be3323d0b79262c4ee6d4 |
| SHA512 | 96bd83a8d79adc9235f0e7f16fdecfa0e084facc163765737d2a8c89eaaaad04daed561e90a299eba9303043e0b6bdbba63bc2af8a875ec435d585ec84013fba |
memory/4208-451-0x00007FFE31950000-0x00007FFE31984000-memory.dmp
memory/4208-450-0x00007FF6A5560000-0x00007FF6A5658000-memory.dmp
memory/4208-452-0x00007FFE2B940000-0x00007FFE2BBF6000-memory.dmp
memory/4208-453-0x00007FFE2A680000-0x00007FFE2B730000-memory.dmp
memory/3248-454-0x0000000000400000-0x0000000000778000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\inv.exe
| MD5 | ebb811d0396c06a70fe74d9b23679446 |
| SHA1 | e375f124a8284479dd052161a07f57de28397638 |
| SHA256 | 28e979002cb4db546bf9d9d58f5a55fd8319be638a0974c634cae6e7e9dbcd89 |
| SHA512 | 1de3dcd856f30004becee7c769d62530f3a5e9785c853537adc0a387d461c97b305f75cbaf13f278dd72ba22d4650e92c48edf3c3a74b13ed68ffc0d45e13774 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1912c783b4668a4f29b699b222f96a3f |
| SHA1 | 5b34c972f3cac61a6aae7873c729ed3b00632536 |
| SHA256 | 806a5cba9a0586876e5f0cf716e22ec95b69d2c91dd83a2633a41d0c5db6a8e7 |
| SHA512 | d4f91efcd7e34cd11fa203c5f43d8e777ab7e5ac01ec4b01bba209ff1d3d62d2f0023c99be9c542c9114923e19893cfd081679b011f2acfc5856638f87ab333c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b9ea8f85f7ec942fe86433d7a352f63c |
| SHA1 | f7e3d275d1e28c375ffa66651051a0c0900557a6 |
| SHA256 | f136553b7ab42ae0c22fe35f98ae82626041dc5a973d8a13ef3b5291fca98703 |
| SHA512 | 2b69cd6f341c03c279369827ccf9a1ce33cdedc543b7829e472cde50905fb445526c36921593792dc3850c1754d2db1ba1a053611492711b679582054834022e |
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\scare.exe
| MD5 | cbf06517a75eee73ff7a614981384457 |
| SHA1 | 5f9170599ae00af788c0dae8eca33c5cb3a7a07d |
| SHA256 | ae5252be8cad37a12f70f94751f5a9db15866a6c395dc5eba505ecb05d414a9a |
| SHA512 | f9e14bf6a399c78d1173a05a5f869437d953c01ca85dfc863858b64dfb4996a37a38741a6ae16595cf9eb127e6574416100fd7ce1c86c86a72afec9b0c4c9d21 |
memory/1104-475-0x0000000000400000-0x0000000000411000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\glitch.exe
| MD5 | 47801f0cf73d320054676a56d0264edb |
| SHA1 | 14147de6009f6ad7308cd0cc42864f85d4f41fa9 |
| SHA256 | f25853b17ee25c1df537cd39ba15a338b92b0812833e3a523aa2f90efbf766e8 |
| SHA512 | 2d8f22ea28fbde67f63ea59d262df06658f075d1ef05c2837cea599528d01115a84ab5f88678c4a1fefd4f66a4946b7b20c7744a5bea8dcb3b5444e6c614d2ed |
memory/1016-480-0x0000000000400000-0x0000000000460000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\wide.exe
| MD5 | 2ffb956f7e7a21c54dd411e6c6b7d005 |
| SHA1 | dfc93dd147899795ffe7a267ac0ad99007f66a29 |
| SHA256 | 940d9430f23f368c01d8ec7df2acab17688ae329f820cbb00bd6d07c0600219a |
| SHA512 | 0766a74896cb3ab6c26b0aed303974aa53cfa909346a00274bb8c829d306d0e23d4e3a7db5b3422c726749eebb5f35b3e9ea790402cae14208b8061b7d1a06bd |
memory/4212-485-0x0000000000400000-0x000000000047A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\smelt.exe
| MD5 | 615d04a80c94f9e36efb9c567a8afc34 |
| SHA1 | cb3b158ce9b5a0eef3097c55c226e6084a4f4877 |
| SHA256 | 9f2c6d14a476d10615fe8e099ef8f87681b80382665b81c041eb5128ae7c7cb8 |
| SHA512 | 0b4c3e073d170b7de1635e3b6af1f641215d217ce9f96d6c57d2ca8a6af45c9aa94a84b6b9f0876a7a8a7a31763943ba5e3bb6f44316a3a2007574359c461294 |
memory/2164-491-0x0000000000400000-0x000000000041D000-memory.dmp
memory/1016-490-0x0000000000400000-0x0000000000460000-memory.dmp
memory/3588-494-0x0000000000400000-0x00000000004EC000-memory.dmp
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf
| MD5 | 781602441469750c3219c8c38b515ed4 |
| SHA1 | e885acd1cbd0b897ebcedbb145bef1c330f80595 |
| SHA256 | 81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d |
| SHA512 | 2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461 |
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
| MD5 | b82a05c3d249cee22374326abe993f6b |
| SHA1 | c6ed9ac2c5d2f05aab76d59f25cc3fe9758ab927 |
| SHA256 | ba2f1e22afdbe0a2cf594b578eba8cebb9f788cf1a3303921672b5d9c7e627b3 |
| SHA512 | 0d64efe342cd77a1e96f33060535d6667302671f7558df67532219e5f41855d6a2c83717e06cef0f916d11882f0a7b8fbc781ced583049d8beef635e820c8295 |
memory/1016-502-0x0000000000400000-0x0000000000460000-memory.dmp
memory/4292-504-0x0000000000400000-0x0000000000477000-memory.dmp
memory/2372-519-0x00007FF6A5560000-0x00007FF6A5658000-memory.dmp
memory/2372-524-0x00007FFE3D6A0000-0x00007FFE3D6B1000-memory.dmp
memory/2372-523-0x00007FFE3D6C0000-0x00007FFE3D6D7000-memory.dmp
memory/2372-521-0x00007FFE2B940000-0x00007FFE2BBF6000-memory.dmp
memory/2372-533-0x00007FFE3D560000-0x00007FFE3D571000-memory.dmp
memory/2372-539-0x00007FFE3A9D0000-0x00007FFE3A9E1000-memory.dmp
memory/2372-542-0x00007FFE3A420000-0x00007FFE3A437000-memory.dmp
memory/2372-541-0x00007FFE2B4A0000-0x00007FFE2B5AE000-memory.dmp
memory/2372-540-0x00007FFE2B5B0000-0x00007FFE2B730000-memory.dmp
memory/2372-538-0x00007FFE3B420000-0x00007FFE3B431000-memory.dmp
memory/2372-537-0x00007FFE2BCC0000-0x00007FFE2BD3C000-memory.dmp
memory/2372-536-0x00007FFE2BD40000-0x00007FFE2BDA7000-memory.dmp
memory/2372-535-0x00007FFE31960000-0x00007FFE31990000-memory.dmp
memory/2372-534-0x00007FFE3CEF0000-0x00007FFE3CF08000-memory.dmp
memory/2372-532-0x00007FFE3D580000-0x00007FFE3D59B000-memory.dmp
memory/2372-531-0x00007FFE3D5A0000-0x00007FFE3D5B1000-memory.dmp
memory/2372-530-0x00007FFE3D5C0000-0x00007FFE3D5D1000-memory.dmp
memory/2372-528-0x00007FFE3D600000-0x00007FFE3D618000-memory.dmp
memory/2372-529-0x00007FFE3D5E0000-0x00007FFE3D5F1000-memory.dmp
memory/2372-527-0x00007FFE3D620000-0x00007FFE3D641000-memory.dmp
memory/2372-526-0x00007FFE3D650000-0x00007FFE3D691000-memory.dmp
memory/2372-525-0x00007FFE2B730000-0x00007FFE2B93B000-memory.dmp
memory/2372-522-0x00007FFE3D6E0000-0x00007FFE3D6F8000-memory.dmp
memory/2372-520-0x00007FFE414D0000-0x00007FFE41504000-memory.dmp
memory/1016-543-0x0000000000400000-0x0000000000460000-memory.dmp
memory/4292-545-0x0000000000400000-0x0000000000477000-memory.dmp
memory/4904-549-0x0000000000400000-0x000000000047A000-memory.dmp
memory/2788-550-0x0000000000400000-0x000000000047A000-memory.dmp
memory/3084-553-0x0000000000400000-0x000000000047A000-memory.dmp
memory/4712-554-0x0000000000400000-0x000000000047A000-memory.dmp
memory/32-555-0x0000000000400000-0x000000000047A000-memory.dmp
memory/344-552-0x0000000000400000-0x000000000047A000-memory.dmp
memory/1396-551-0x0000000000400000-0x000000000047A000-memory.dmp
memory/1292-557-0x0000000000400000-0x000000000047A000-memory.dmp
memory/2004-556-0x0000000000400000-0x000000000047A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5B89.tmp\dead.vbs
| MD5 | bd6debfb65fe31f1dc81da11f0c67f38 |
| SHA1 | a9511d4c1c0b49b089274592eabc921d7e272926 |
| SHA256 | 5ae6cd6eddf695f057ae3110f5cd9e19d9b3ef1b33fe91a9486212d9383998c5 |
| SHA512 | 8eba7ce112893e8c11f783b44975d5cdf55e6f2fb6d568fc3872e746a7cbaabf54c45864138a135178e1814737d986c20ffb200562a07c431b9461a32f4f1629 |