Malware Analysis Report

2024-10-10 13:00

Sample ID 240616-xyvbpaxemn
Target IDAinjector.exe
SHA256 221247315b5bda1b8c357c2971660d2cd4acc6ec7844f19256e4508a31f7d986
Tags pyinstaller dcrat infostealer persistence rat
Score 10/10

Analysis Overview

Score 10/10

SHA256 221247315b5bda1b8c357c2971660d2cd4acc6ec7844f19256e4508a31f7d986

Threat Level: Known bad

The file IDAinjector.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller dcrat infostealer persistence rat

Modifies WinLogon for persistence

DcRat

Process spawned unexpected child process

DCRat payload

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Detects Pyinstaller

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Creates scheduled task(s)

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Analysis: static1

Detonation Overview

Reported

2024-06-16 19:16

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 19:16

Reported

2024-06-16 19:44

Platform

win10v2004-20240611-en

Max time kernel

1629s

Max time network

1631s

Command Line

"C:\Users\Admin\AppData\Local\Temp\IDAinjector.exe"

Signatures

DcRat

rat infostealer dcrat
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A
File created C:\Program Files\Windows Mail\9e8d7a4ca61bd9 C:\portperf\FontrefPerf.exe N/A

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe" C:\portperf\sppsvc.exe N/A

Process spawned unexpected child process

Description Indicator Process Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe

DCRat payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\DLL (1).bat N/A
Key value queried \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation C:\portperf\FontrefPerf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\DLL.bat N/A
Key value queried \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation C:\portperf\sppsvc.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IDAinjector.exe N/A
N/A N/A C:\Users\Admin\Downloads\IDAinjector.exe N/A
N/A N/A C:\Users\Admin\Downloads\IDAinjector (1).exe N/A
N/A N/A C:\Users\Admin\Downloads\IDAinjecthor.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Windows Mail\RuntimeBroker.exe C:\portperf\FontrefPerf.exe N/A
File created C:\Program Files\Windows Mail\9e8d7a4ca61bd9 C:\portperf\FontrefPerf.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\e6c9b481da804f C:\portperf\FontrefPerf.exe N/A
File created C:\Program Files\Uninstall Information\088424020bedd6 C:\portperf\FontrefPerf.exe N/A
File created C:\Program Files (x86)\Windows Defender\ja-JP\chrome.exe C:\portperf\FontrefPerf.exe N/A
File created C:\Program Files\MsEdgeCrashpad\StartMenuExperienceHost.exe C:\portperf\FontrefPerf.exe N/A
File created C:\Program Files\ModifiableWindowsApps\spoolsv.exe C:\portperf\FontrefPerf.exe N/A
File created C:\Program Files (x86)\Windows Defender\ja-JP\7a73b78f679a6f C:\portperf\FontrefPerf.exe N/A
File created C:\Program Files\Windows Mail\RuntimeBroker.exe C:\portperf\FontrefPerf.exe N/A
File created C:\Program Files (x86)\MSBuild\csrss.exe C:\portperf\FontrefPerf.exe N/A
File created C:\Program Files (x86)\MSBuild\886983d96e3d3e C:\portperf\FontrefPerf.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\OfficeClickToRun.exe C:\portperf\FontrefPerf.exe N/A
File created C:\Program Files\Microsoft Office 15\FontrefPerf.exe C:\portperf\FontrefPerf.exe N/A
File opened for modification C:\Program Files\MsEdgeCrashpad\StartMenuExperienceHost.exe C:\portperf\FontrefPerf.exe N/A
File created C:\Program Files\MsEdgeCrashpad\55b276f4edf653 C:\portperf\FontrefPerf.exe N/A
File created C:\Program Files\Microsoft Office 15\d4fb220fca7969 C:\portperf\FontrefPerf.exe N/A
File created C:\Program Files\Uninstall Information\conhost.exe C:\portperf\FontrefPerf.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\GameBarPresenceWriter\taskhostw.exe C:\portperf\FontrefPerf.exe N/A
File created C:\Windows\BitLockerDiscoveryVolumeContents\csrss.exe C:\portperf\FontrefPerf.exe N/A
File created C:\Windows\BitLockerDiscoveryVolumeContents\886983d96e3d3e C:\portperf\FontrefPerf.exe N/A
File created C:\Windows\servicing\en-US\chrome.exe C:\portperf\FontrefPerf.exe N/A
File created C:\Windows\tracing\RuntimeBroker.exe C:\portperf\FontrefPerf.exe N/A
File created C:\Windows\ja-JP\System.exe C:\portperf\FontrefPerf.exe N/A
File created C:\Windows\ja-JP\27d1bcfc3c54e0 C:\portperf\FontrefPerf.exe N/A
File created C:\Windows\SoftwareDistribution\EventCache.v2\7a73b78f679a6f C:\portperf\FontrefPerf.exe N/A
File created C:\Windows\GameBarPresenceWriter\ea9f0e6c9e2dcd C:\portperf\FontrefPerf.exe N/A
File created C:\Windows\SystemResources\Windows.UI.Shell\dllhost.exe C:\portperf\FontrefPerf.exe N/A
File created C:\Windows\tracing\9e8d7a4ca61bd9 C:\portperf\FontrefPerf.exe N/A
File created C:\Windows\SoftwareDistribution\EventCache.v2\chrome.exe C:\portperf\FontrefPerf.exe N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630392682996301" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings C:\Users\Admin\Downloads\DLL.bat N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings C:\Users\Admin\Downloads\DLL (1).bat N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\portperf\FontrefPerf.exe N/A
N/A N/A C:\portperf\sppsvc.exe N/A
N/A N/A C:\Recovery\WindowsRE\RuntimeBroker.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(row repeated 58 times)
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(row repeated 5 times)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(row repeated 32 times)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4628 wrote to memory of 3332 N/A C:\Users\Admin\AppData\Local\Temp\IDAinjector.exe C:\Users\Admin\AppData\Local\Temp\IDAinjector.exe
(row repeated 2 times)
PID 2556 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
(row repeated 2 times)
PID 2556 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
(row repeated 31 times)
PID 2556 wrote to memory of 3448 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
(row repeated 2 times)
PID 2556 wrote to memory of 1104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
(row repeated 27 times)

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\IDAinjector.exe

"C:\Users\Admin\AppData\Local\Temp\IDAinjector.exe"

C:\Users\Admin\AppData\Local\Temp\IDAinjector.exe

"C:\Users\Admin\AppData\Local\Temp\IDAinjector.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2204,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc8fb0ab58,0x7ffc8fb0ab68,0x7ffc8fb0ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4380 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4408 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4384 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2760 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1928 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=608 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4340 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1580 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3176 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1404 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4988 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4328 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1580 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3228 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Users\Admin\Downloads\DLL.bat

"C:\Users\Admin\Downloads\DLL.bat"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\portperf\gBPbgp2NHqWBQeQqSprglRrd.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\portperf\qAMN9zFfBJvEbgSzb0xn9ZLj.bat" "

C:\portperf\FontrefPerf.exe

"C:\portperf\FontrefPerf.exe"

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Mail\RuntimeBroker.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\RuntimeBroker.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Mail\RuntimeBroker.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "chromec" /sc MINUTE /mo 5 /tr "'C:\Users\Default\Application Data\chrome.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "chrome" /sc ONLOGON /tr "'C:\Users\Default\Application Data\chrome.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "chromec" /sc MINUTE /mo 13 /tr "'C:\Users\Default\Application Data\chrome.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\MSBuild\csrss.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Program Files (x86)\MSBuild\csrss.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\MSBuild\csrss.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "servicess" /sc MINUTE /mo 8 /tr "'C:\portperf\services.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\portperf\services.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "servicess" /sc MINUTE /mo 9 /tr "'C:\portperf\services.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 9 /tr "'C:\portperf\cmd.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\portperf\cmd.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 10 /tr "'C:\portperf\cmd.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 13 /tr "'C:\portperf\sppsvc.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\portperf\sppsvc.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 12 /tr "'C:\portperf\sppsvc.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "unsecappu" /sc MINUTE /mo 7 /tr "'C:\Users\Public\Documents\My Videos\unsecapp.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "unsecapp" /sc ONLOGON /tr "'C:\Users\Public\Documents\My Videos\unsecapp.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "unsecappu" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Documents\My Videos\unsecapp.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 12 /tr "'C:\Users\Public\Libraries\conhost.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Users\Public\Libraries\conhost.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 5 /tr "'C:\Users\Public\Libraries\conhost.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "taskhostwt" /sc MINUTE /mo 14 /tr "'C:\Recovery\WindowsRE\taskhostw.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "taskhostw" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\taskhostw.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "taskhostwt" /sc MINUTE /mo 5 /tr "'C:\Recovery\WindowsRE\taskhostw.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "OfficeClickToRunO" /sc MINUTE /mo 9 /tr "'C:\Program Files\Mozilla Firefox\browser\OfficeClickToRun.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "OfficeClickToRun" /sc ONLOGON /tr "'C:\Program Files\Mozilla Firefox\browser\OfficeClickToRun.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "OfficeClickToRunO" /sc MINUTE /mo 5 /tr "'C:\Program Files\Mozilla Firefox\browser\OfficeClickToRun.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 14 /tr "'C:\Users\Admin\Saved Games\msedge.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "msedge" /sc ONLOGON /tr "'C:\Users\Admin\Saved Games\msedge.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 10 /tr "'C:\Users\Admin\Saved Games\msedge.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 7 /tr "'C:\Windows\tracing\RuntimeBroker.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\tracing\RuntimeBroker.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 7 /tr "'C:\Windows\tracing\RuntimeBroker.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "FontrefPerfF" /sc MINUTE /mo 7 /tr "'C:\Program Files\Microsoft Office 15\FontrefPerf.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "FontrefPerf" /sc ONLOGON /tr "'C:\Program Files\Microsoft Office 15\FontrefPerf.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "FontrefPerfF" /sc MINUTE /mo 5 /tr "'C:\Program Files\Microsoft Office 15\FontrefPerf.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Users\Public\Videos\RuntimeBroker.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Users\Public\Videos\RuntimeBroker.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 8 /tr "'C:\Users\Public\Videos\RuntimeBroker.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 6 /tr "'C:\Recovery\WindowsRE\fontdrvhost.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\fontdrvhost.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 7 /tr "'C:\Recovery\WindowsRE\fontdrvhost.exe'" /rl HIGHEST /f

C:\portperf\sppsvc.exe

"C:\portperf\sppsvc.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4628,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=3844 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3080 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5068 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5008 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4952 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2580 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4952 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4520 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "FontrefPerf" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "FontrefPerfF" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "RuntimeBroker" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "RuntimeBrokerR" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "chrome" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "chromec" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "csrss" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "csrssc" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "services" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "servicess" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "cmd" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "cmdc" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "sppsvc" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "sppsvcs" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "unsecapp" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "unsecappu" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "conhost" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "conhostc" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "taskhostw" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "taskhostwt" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "OfficeClickToRun" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "OfficeClickToRunO" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "msedge" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "msedgem" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "RuntimeBroker" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "RuntimeBrokerR" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "FontrefPerf" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "FontrefPerfF" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "RuntimeBroker" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "RuntimeBrokerR" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "fontdrvhost" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "fontdrvhostf" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "sppsvc" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /delete /tn "sppsvcs" /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4rzlnKig63.bat" "

C:\Windows\system32\w32tm.exe

w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2

C:\Users\Admin\Downloads\IDAinjector.exe

"C:\Users\Admin\Downloads\IDAinjector.exe"

C:\Users\Admin\Downloads\IDAinjector.exe

"C:\Users\Admin\Downloads\IDAinjector.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3348 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=1512 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5248 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4664 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2120 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5108 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3248 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\IDAinjector (1).exe

"C:\Users\Admin\Downloads\IDAinjector (1).exe"

C:\Users\Admin\Downloads\IDAinjector (1).exe

"C:\Users\Admin\Downloads\IDAinjector (1).exe"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\IDAinjector (1).exe"

C:\Users\Admin\Downloads\IDAinjector (1).exe

"C:\Users\Admin\Downloads\IDAinjector (1).exe"

C:\Users\Admin\Downloads\IDAinjector (1).exe

"C:\Users\Admin\Downloads\IDAinjector (1).exe"

C:\Users\Admin\Downloads\IDAinjector (1).exe

"C:\Users\Admin\Downloads\IDAinjector (1).exe"

C:\Users\Admin\Downloads\IDAinjector (1).exe

"C:\Users\Admin\Downloads\IDAinjector (1).exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=1076 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=2116 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5008 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4832 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5192 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1276 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Users\Admin\Downloads\IDAinjecthor.exe

"C:\Users\Admin\Downloads\IDAinjecthor.exe"

C:\Users\Admin\Downloads\IDAinjecthor.exe

"C:\Users\Admin\Downloads\IDAinjecthor.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=5208 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5188 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5024 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4144 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5148 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3276 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Users\Admin\Downloads\IDAinjector (2).exe

"C:\Users\Admin\Downloads\IDAinjector (2).exe"

C:\Users\Admin\Downloads\IDAinjector (2).exe

"C:\Users\Admin\Downloads\IDAinjector (2).exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=2752 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=4424 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5136 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3276 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=3448 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=3416 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5336 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5480 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5620 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5648 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=5632 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Users\Admin\Downloads\IDAinjechtor.exe

"C:\Users\Admin\Downloads\IDAinjechtor.exe"

C:\Users\Admin\Downloads\IDAinjechtor.exe

"C:\Users\Admin\Downloads\IDAinjechtor.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=1124 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=5380 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5328 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5728 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5664 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4256 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Users\Admin\Downloads\IDAinjechtor (1).exe

"C:\Users\Admin\Downloads\IDAinjechtor (1).exe"

C:\Users\Admin\Downloads\IDAinjechtor (1).exe

"C:\Users\Admin\Downloads\IDAinjechtor (1).exe"

C:\Users\Admin\Downloads\IDAinjechtor.exe

"C:\Users\Admin\Downloads\IDAinjechtor.exe"

C:\Users\Admin\Downloads\IDAinjechtor.exe

"C:\Users\Admin\Downloads\IDAinjechtor.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=3516 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=2380 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=5928 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=5056 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 --field-trial-handle=1672,i,6804229927927147673,11261259620497136670,131072 /prefetch:8

C:\Users\Admin\Downloads\DLL (1).bat

"C:\Users\Admin\Downloads\DLL (1).bat"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\portperf\gBPbgp2NHqWBQeQqSprglRrd.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\portperf\qAMN9zFfBJvEbgSzb0xn9ZLj.bat" "

C:\portperf\FontrefPerf.exe

"C:\portperf\FontrefPerf.exe"

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 14 /tr "'C:\Program Files\MsEdgeCrashpad\StartMenuExperienceHost.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Program Files\MsEdgeCrashpad\StartMenuExperienceHost.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 11 /tr "'C:\Program Files\MsEdgeCrashpad\StartMenuExperienceHost.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "chromec" /sc MINUTE /mo 8 /tr "'C:\Windows\SoftwareDistribution\EventCache.v2\chrome.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "chrome" /sc ONLOGON /tr "'C:\Windows\SoftwareDistribution\EventCache.v2\chrome.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "chromec" /sc MINUTE /mo 12 /tr "'C:\Windows\SoftwareDistribution\EventCache.v2\chrome.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 5 /tr "'C:\Windows\ja-JP\System.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Windows\ja-JP\System.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 12 /tr "'C:\Windows\ja-JP\System.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\Recovery\WindowsRE\RuntimeBroker.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\RuntimeBroker.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 14 /tr "'C:\Recovery\WindowsRE\RuntimeBroker.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 14 /tr "'C:\Program Files\Uninstall Information\conhost.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Program Files\Uninstall Information\conhost.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 6 /tr "'C:\Program Files\Uninstall Information\conhost.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "taskhostwt" /sc MINUTE /mo 9 /tr "'C:\Windows\GameBarPresenceWriter\taskhostw.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "taskhostw" /sc ONLOGON /tr "'C:\Windows\GameBarPresenceWriter\taskhostw.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "taskhostwt" /sc MINUTE /mo 12 /tr "'C:\Windows\GameBarPresenceWriter\taskhostw.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 14 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\csrss.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\csrss.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 13 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\csrss.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\Recovery\WindowsRE\RuntimeBroker.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\RuntimeBroker.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Recovery\WindowsRE\RuntimeBroker.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "chromec" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Windows Defender\ja-JP\chrome.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "chrome" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Defender\ja-JP\chrome.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "chromec" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Windows Defender\ja-JP\chrome.exe'" /rl HIGHEST /f

C:\Recovery\WindowsRE\RuntimeBroker.exe

"C:\Recovery\WindowsRE\RuntimeBroker.exe"

Network


Files
