Malware Analysis Report

2024-11-13 14:21

Sample ID 240618-hm64sawbqp
Target https://cdn.discordapp.com/attachments/1232825231312420997/1252503669698728087/PO-_RFL059210.zip?ex=66727471&is=667122f1&hm=5e1872bc711cb3f4269d51a83c5656aebd9a7168ce54a54e950f88b01d30196f&
Tags
agenttesla execution keylogger spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://cdn.discordapp.com/attachments/1232825231312420997/1252503669698728087/PO-_RFL059210.zip?ex=66727471&is=667122f1&hm=5e1872bc711cb3f4269d51a83c5656aebd9a7168ce54a54e950f88b01d30196f& was found to be: Known bad.

Malicious Activity Summary

agenttesla execution keylogger spyware stealer trojan

Attribution note: the detonation was started by opening the download URL in chrome.exe, so the browser itself contributes heavily to the behavioural log. Signatures whose Process column shows only chrome.exe (Suspicious use of AdjustPrivilegeToken, SendNotifyMessage and WriteProcessMemory, Enumerates system info in registry, Modifies data under HKEY_USERS, Modifies registry class, and all but one FindShellTrayWindow hit, the exception being 7zG.exe) are attributed to the browser used to fetch the archive, not to the sample; the chrome.exe-to-chrome.exe WriteProcessMemory entries in particular are the browser process setting up the child processes it spawns. The sample is attributed by name in the Checks computer location settings, SetWindowsHookEx and EnumeratesProcesses tables as PO- RFL059210.exe, run both from the Temp1_PO-_RFL059210.zip extraction folder and from Downloads, together with the SysWOW64 (32-bit) copies of powershell.exe and schtasks.exe, which is consistent with a 32-bit parent process. The api.ipify.org and ip-api.com lookups are not attributed to a process in this report, and several summary entries (Suspicious use of SetThreadContext, Executes dropped EXE, Command and Scripting Interpreter: PowerShell, Reads user/profile data of web browsers and of local email clients, Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary, Enumerates physical storage devices) have no detail rows below.

AgentTesla

Command and Scripting Interpreter: PowerShell

Reads user/profile data of web browsers

Checks computer location settings

Reads user/profile data of local email clients

Executes dropped EXE

Looks up external IP address via web service

Suspicious use of SetThreadContext

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Creates scheduled task(s)

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-18 06:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 06:52

Reported

2024-06-18 07:02

Platform

win10v2004-20240508-en

Max time kernel

592s

Max time network

562s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1232825231312420997/1252503669698728087/PO-_RFL059210.zip?ex=66727471&is=667122f1&hm=5e1872bc711cb3f4269d51a83c5656aebd9a7168ce54a54e950f88b01d30196f&

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\PO-_RFL059210\PO- RFL059210.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A ip-api.com N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631671481969614" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 4
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A 2
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_PO-_RFL059210.zip\PO- RFL059210.exe N/A 3
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A 4
N/A N/A C:\Users\Admin\Downloads\PO-_RFL059210\PO- RFL059210.exe N/A 2
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A 4
N/A N/A C:\Users\Admin\Downloads\PO-_RFL059210\PO- RFL059210.exe N/A 2
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A 2
N/A N/A C:\Users\Admin\Downloads\PO-_RFL059210\PO- RFL059210.exe N/A 3
(Count is the number of consecutive identical rows recorded, kept in the original order; 26 entries in total.)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32
(Count is the number of identical rows recorded; the two rows alternated for 64 entries in total, all from chrome.exe.)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 35
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A 1
(Count is the number of identical rows recorded; 36 entries in total.)

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 26
(Count is the number of identical rows recorded; 26 entries in total, all from chrome.exe.)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_PO-_RFL059210.zip\PO- RFL059210.exe N/A
N/A N/A C:\Users\Admin\Downloads\PO-_RFL059210\PO- RFL059210.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 4548 wrote to memory of 1784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 4548 wrote to memory of 4156 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 31
PID 4548 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 4548 wrote to memory of 4684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 29
(Count is the number of identical rows recorded; 64 entries in total, every one written by chrome.exe PID 4548 into another chrome.exe instance.)
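The sample-specific signatures above (the binary executing from the Temp1_PO-_RFL059210.zip folder and from Downloads, the SysWOW64 powershell.exe and schtasks.exe, the api.ipify.org and ip-api.com lookups) can be turned into a detection that keys on the process chain rather than on any single hit. This is an added example in Python, not code from the sandbox or from this report. The events are constructed in a Sysmon-like shape to mirror the report; the PIDs, the parent-child links and the explorer.exe parent are assumptions, because the report does not record process lineage.

```python
"""Detection over process-creation and DNS events for the chain seen in the report.

Added example; constructed events, not the sandbox's own log.
"""
import re
from collections import defaultdict

# Both external-IP services named in the report's network signatures.
IP_LOOKUP_DOMAINS = {"api.ipify.org", "ip-api.com"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

USER_WRITABLE = re.compile(r"^[A-Za-z]:\\Users\\", re.I)
# Explorer's Temp1_<archive>.zip folder: the .exe was opened straight from the zip.
ARCHIVE_TEMP = re.compile(r"\\AppData\\Local\\Temp\\Temp1_[^\\]+\.zip\\", re.I)
DOWNLOADS = re.compile(r"\\Users\\[^\\]+\\Downloads\\", re.I)
# A 32-bit parent that starts System32\schtasks.exe is redirected to this copy.
WOW64 = re.compile(r"^[A-Za-z]:\\Windows\\SysWOW64\\", re.I)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def build_tree(events):
    """Map pid -> process-creation record."""
    return {e["pid"]: e for e in events if e["event"] == "process_create"}


def lineage(procs, pid):
    """Yield the record for pid, then each ancestor that has a record."""
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        yield procs[pid]
        pid = procs[pid]["ppid"]


def origin(procs, pid):
    """Pid of the outermost ancestor (self included) running from a user-writable
    path, or None when the whole chain lives under Windows / Program Files.
    Findings are keyed on this, so powershell/schtasks children count against the
    binary that started the chain."""
    hit = None
    for p in lineage(procs, pid):
        if USER_WRITABLE.match(p["image"]):
            hit = p["pid"]
    return hit


def detect(events):
    """Return {origin pid: set of rule names}."""
    procs = build_tree(events)
    findings = defaultdict(set)
    for e in events:
        if e["event"] == "process_create":
            root = origin(procs, e["pid"])
            if root is None:
                continue  # browser helpers, system shells: nothing to attribute
            img, name = e["image"], basename(e["image"])
            parent = procs.get(e["ppid"])
            if ARCHIVE_TEMP.search(img) or DOWNLOADS.search(img):
                findings[root].add("exec_from_archive_or_downloads")
            if name == "schtasks.exe":
                findings[root].add("schtasks_from_user_binary")
                if WOW64.match(img):
                    findings[root].add("wow64_schtasks")
            if name == "powershell.exe" and parent and USER_WRITABLE.match(parent["image"]):
                findings[root].add("powershell_child_of_user_binary")
        elif e["event"] == "dns_query":
            p = procs.get(e["pid"])
            if not p or basename(p["image"]) in BROWSERS:
                continue  # a browser resolving these names is not a finding
            if e["query"].lower() in IP_LOOKUP_DOMAINS:
                findings[origin(procs, e["pid"]) or e["pid"]].add("external_ip_lookup")
    return dict(findings)


def alerts(events, min_rules=2):
    """Origins tripping at least min_rules rules, as (image, sorted rules).
    A lone exec-from-Downloads hit (any installer) stays below the bar."""
    procs = build_tree(events)
    return [(procs[pid]["image"], sorted(rules))
            for pid, rules in detect(events).items() if len(rules) >= min_rules]


# Constructed events (assumed PIDs and lineage; explorer.exe parent is assumed).
SAMPLE_EVENTS = [
    {"event": "process_create", "pid": 3000, "ppid": 800, "image": r"C:\Windows\explorer.exe"},
    # Browser harness: browser process, one renderer child, and the browser's own lookup.
    {"event": "process_create", "pid": 4548, "ppid": 3000,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"event": "process_create", "pid": 4156, "ppid": 4548,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"event": "dns_query", "pid": 4548, "query": "api.ipify.org"},
    # The sample opened from inside the zip, its 32-bit children, its IP lookups.
    {"event": "process_create", "pid": 6012, "ppid": 3000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\Temp1_PO-_RFL059210.zip\PO- RFL059210.exe"},
    {"event": "process_create", "pid": 6100, "ppid": 6012,
     "image": r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"},
    {"event": "process_create", "pid": 6144, "ppid": 6012,
     "image": r"C:\Windows\SysWOW64\schtasks.exe"},
    {"event": "dns_query", "pid": 6012, "query": "api.ipify.org"},
    {"event": "dns_query", "pid": 6012, "query": "ip-api.com"},
    # Benign controls: an installer run from Downloads, an admin shell from Explorer.
    {"event": "process_create", "pid": 7000, "ppid": 3000,
     "image": r"C:\Users\Admin\Downloads\vendor-setup.exe"},
    {"event": "process_create", "pid": 7100, "ppid": 3000,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

if __name__ == "__main__":
    for image, rules in alerts(SAMPLE_EVENTS):
        print(image, "->", ", ".join(rules))
```

Run as a script, it prints only the PO- RFL059210.exe origin with all five rules; the installer control trips only exec_from_archive_or_downloads and stays below the threshold, which is the reason for scoring the chain rather than alerting on a single path match.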

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1232825231312420997/1252503669698728087/PO-_RFL059210.zip?ex=66727471&is=667122f1&hm=5e1872bc711cb3f4269d51a83c5656aebd9a7168ce54a54e950f88b01d30196f&

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd330ab58,0x7ffcd330ab68,0x7ffcd330ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4256,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=1304 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4684 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5164 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5292 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5448 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4852 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2760 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3232 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3888 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3176 --field-trial-handle=1824,i,13763062389787673213,12723734151104595574,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Temp1_PO-_RFL059210.zip\PO- RFL059210.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_PO-_RFL059210.zip\PO- RFL059210.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\PO-_RFL059210\" -spe -an -ai#7zMap24235:88:7zEvent4481

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\Temp1_PO-_RFL059210.zip\PO- RFL059210.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\boGqOzICn.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\boGqOzICn" /XML "C:\Users\Admin\AppData\Local\Temp\tmp4EC8.tmp"

C:\Users\Admin\AppData\Local\Temp\Temp1_PO-_RFL059210.zip\PO- RFL059210.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_PO-_RFL059210.zip\PO- RFL059210.exe"

C:\Users\Admin\Downloads\PO-_RFL059210\PO- RFL059210.exe

"C:\Users\Admin\Downloads\PO-_RFL059210\PO- RFL059210.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\PO-_RFL059210\PO- RFL059210.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\boGqOzICn.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\boGqOzICn" /XML "C:\Users\Admin\AppData\Local\Temp\tmpB17A.tmp"

C:\Users\Admin\Downloads\PO-_RFL059210\PO- RFL059210.exe

"C:\Users\Admin\Downloads\PO-_RFL059210\PO- RFL059210.exe"

C:\Users\Admin\Downloads\PO-_RFL059210\PO- RFL059210.exe

"C:\Users\Admin\Downloads\PO-_RFL059210\PO- RFL059210.exe"

C:\Users\Admin\Downloads\PO-_RFL059210\PO- RFL059210.exe

"C:\Users\Admin\Downloads\PO-_RFL059210\PO- RFL059210.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1392,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=3992 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 233.134.159.162.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn1.gstatic.com tcp
GB 142.250.180.14:443 encrypted-tbn2.gstatic.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.238:443 consent.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.virustotal.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
GB 142.250.180.3:443 www.recaptcha.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 recaptcha.net udp
GB 142.250.200.35:443 recaptcha.net tcp
GB 142.250.200.35:443 recaptcha.net udp
US 8.8.8.8:53 46.34.125.74.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:443 google.com tcp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 3.69.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
GB 142.250.178.14:443 google.com udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.12.205:443 api.ipify.org tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 205.12.26.104.in-addr.arpa udp
US 8.8.8.8:53 gokulammotors.com.ng udp
US 104.194.9.178:443 gokulammotors.com.ng tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 8.8.8.8:53 178.9.194.104.in-addr.arpa udp
US 8.8.8.8:53 ftp.skitz.com.ng udp
US 66.147.236.46:21 ftp.skitz.com.ng tcp
US 66.147.236.46:58327 ftp.skitz.com.ng tcp
US 8.8.8.8:53 46.236.147.66.in-addr.arpa udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 104.26.12.205:443 api.ipify.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 104.194.9.178:443 gokulammotors.com.ng tcp
US 66.147.236.46:21 ftp.skitz.com.ng tcp
US 66.147.236.46:63192 ftp.skitz.com.ng tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 108.177.122.94:443 beacons.gvt2.com tcp
US 108.177.122.94:443 beacons.gvt2.com udp
US 8.8.8.8:53 25.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 94.122.177.108.in-addr.arpa udp

Files

\??\pipe\crashpad_4548_TPECCQOSBZJRQEXB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\Downloads\PO-_RFL059210.zip.crdownload

MD5 94cf5a54615a314eb96130936e16de9e
SHA1 c671ec37ab5a8d000cf4748c711c28b27e8d5b63
SHA256 13c0cb7baccd5901a55e3de5b5c3e1142b878dbded0df8ee088169510a35731d
SHA512 b69a0f5f9d23179b4872409be13fa0ce3e69f4ba881995b3d8dbcd368ca4db3f0438172708a9a5f765c9f87cb836882a57f705c4d5ba319cbc0977216f0769cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5081f23bc6aca7edf750cec772017d87
SHA1 e25969a6bb845c1a0b4379a13632275bdf5c69db
SHA256 c2adf454bd821cac948f52888824b56245e7a03c2ea03e80b2d5ce9d204771d6
SHA512 aec13e44f1895d5a1567707d835613cab5eaa79a8afb458f87071d1ac3ac6e264f270c0f07580faf7047574b7df2e495d56fa02ae953965c4fe1eb97a0793c3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b4c495b0d0ab92a7ff87ac5bb3b63c4a
SHA1 cc1c40656e2e46108b26cf3f14fd26d6ba21eaf9
SHA256 e2c010f2334e231d639473357f676b676648377d70c4b222d07874c187628575
SHA512 26e1bb87e53ab9c676ac74511bf9addbd8c3d58154e435ab56b95a52c7d58cb93b7adedf94ddb884039e93cf89104b49cabc3f8198aa90c42e0ed26ba09f6baa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 8175b977f98677ec9735e242c94606e2
SHA1 53672cc225402a00fe17d50d458ac57b7a84a999
SHA256 372fa4fb8f48dfd4fc7419332df1ee6f831d79525b6251fb03995094542d66fd
SHA512 bd6e94b7116b18891eaad8cbe24d05be3dc10d7ef9add276604cd8cc66288e60f751e50f625814d6e3f89959d49851b0d1f76b7b81a0dec061fa380f4d7cd887

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584b5c.TMP

MD5 5878e5970fd60fffd67bfb9971e61eab
SHA1 ac53090fcfadab7fcef7efa1527f1f3c77968ae8
SHA256 fd2d027bb2b0ca5eaa34655982f064590a442318c8a6e32e29add1fd4b6d1f5b
SHA512 f080e7c97eda9cd1b10727b85e981632cf90b5be76ee657ee9d6c655147892a9a3780d7bfe350b6189df9b2b677e28bbef7c0bd0f0d4659dcb17b379200e3b83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b307f441ee8ec07b4f3f9b9882ccb270
SHA1 39fe65d7116e1941f22e7779a932e6a5924220a0
SHA256 3d67998b0ddc4b76d0cbc165b6388720ca60b365141a70983555656929c26fb5
SHA512 73000bf2c4b88aa7d98353e004bb80b1a045557e98badbe5346b099e3215a417a03577a68891841a587bd765ee6b089c4a0d18c5e481e810cacd5809e6a05925

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7c35b2f0f52dbb4a604e9337d3090e95
SHA1 718ffef54414b56d5ed7cc8a64865517e1f6d233
SHA256 613d5d7979599b62e3c4a5fffec2dfc0d2feb203d540f1cadcf924e3a7b664ae
SHA512 5e8cb53b5b2fc243c042de0b9e009b7fe82b4a57070e399be4b1cb1f70128d0917aabe47cc017eb8f9ec08a056159b4b8c1b472c93be65b77e4257bb16fbe642

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 464304413974aaee895b246226a34761
SHA1 e764a5cfcff725c40a299ee889be9d6dfca14e4e
SHA256 c4fe8a15d7e214397a750af74148222f4bc92402c28e6f2a2d8d6a06827f04eb
SHA512 f01a9d7090d620652d4fc81655981be67f24e09512626f96207a1b0fe82bff0aee3a1653475243eeb1198e0075e8ca2d07e73f198f25f85be3bb4b1d403b74f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0c0dd795186ac6160e960459a050dea4
SHA1 e0d8feef411387040298aff8ef48d4ab19c4c3e7
SHA256 7870ab29f6406ccbfcf8b002da1ef363796595800b63ace8957f1107cab70600
SHA512 7db9ddd63d2654bfde8a77a1e5b644159ab2ca884fd55d45daaf9e844d7f978c699ac8e84fcda7c7722f925a28951e28e2e5abc863eff9e6e9dad4e3129cf62a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 99916ce0720ed460e59d3fbd24d55be2
SHA1 d6bb9106eb65e3b84bfe03d872c931fb27f5a3db
SHA256 07118bf4bbc3ba87d75cbc11ddf427219a14d518436d7f3886d75301f897edaf
SHA512 8d3d52e57806d1850b57bffee12c1a8d9e1a1edcf871b2395df5c889991a183a8d652a0636d5452068f5ef78d37e08ce10b2b2f4e05c3e3c0f2f2230310418a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 856c7cbeacfec83167c21393f3846143
SHA1 d70ca560005b69a1ff1c47555dd92116eb5b2fdc
SHA256 2b6c2aa8d0af3d32910858384e6a5e82e2f531014eb5112f78dda5220b9efcd4
SHA512 96da349925389524c516b2ce7c8d5cd33e57b25a3110c2486e25b6f06857c55118a75a8cc4b45e043914a9ecb4af455a1527b67e593dc0064e04ead5a064f9c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2f44d52c824b1c43c020f02313f21355
SHA1 51add3095430187f66f447c9febfda7a8e8cc57b
SHA256 77604cc9e8a6ba57ed9b132c8e8db32d4461875835c7ffd62ee760ec1ddb6318
SHA512 8a97ecdd4d3ce8d3a65c3d0e4977fdd0be6b86400615354b9d9dd60842398fe329760f2ef0421b43d826eecc2e3f4e5438fe293f8c2c7b54a2d4c07b030d32cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 177ddbfe0b0ef3be001242cbcbec772c
SHA1 9d026602d7e53ab3eabee76e4486bf46e9cf4bfa
SHA256 00a4b74b1fbb08c1c403a3e2b9cd7c3281566741d891d511cae02533604806e2
SHA512 77be55fac286485017d9d44df62cf479c38c2c046c3358c7a666954e2ef061c1595433743c9991ba7f110c72ba032b1567d24d2cbcb59646929623a6674f3e28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 d055256ccacc6f48b2a8ea32b60cf816
SHA1 b28384912d57894993fbbe70a4223fcd469f8559
SHA256 b40fd73d84eb2ec93f7d23e7458dfb0896c4125d92ee90a47f79406216c4afe4
SHA512 dd2f1823d7ff2b0c4e67af40c406a2f733b1163eba328b387d588d606a78a13fc56690d2d2f6b12b4b9f8dcf3add7a7a3144a3fafcc227556c54d1940a4342ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58dacb.TMP

MD5 c6dfb2ff081edab20b2c95b3a184cd78
SHA1 ab6ee3c92d22978e05ab92f65da7f8d86580a19e
SHA256 5b5487d33b1bd4c1c0a6df73395a750357630117a0a0ac290ac93d12d83d6c4b
SHA512 7bdd1cecd1e66996a2d14a61928778c4c88d1326c690f9dfa6c3072f754b0d2eba538522c3434fbddcbfb15dd5f483f74f20e70df2aa327f9b590113c3166c08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7af4d1d5c237c59cc57c859b636831de
SHA1 1e3ff39b32f26600137bac7265933682c444a786
SHA256 be14a1de226febfd5125b7733e0f90aa4632c7dd6fa7f699c74a1b559521b1ad
SHA512 aee7884afdf2895215c958171daf65311d95b03c3c9fec6abdd3c06cd755a881b2369fdc458339c2e37c6a9074400680ce57e59fa6b8f292a70a8b2ed7bd554b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d89b6aa6bd1d498f144a4c638db0640a
SHA1 b225c8e98792389d37bdecdde29e3444f7a4c7c2
SHA256 35a88c4042fac92aa351e15e4163afa68d684bf20691b3129b5d2b9a8c89ed18
SHA512 1b8abcb5a937e51d888519370cbb340bd9406ed68910459fe803a9d6c43312a6b0e2c248a36de74e5047ee71e09d34965152b23fd3c1b9e30298792ce9e902d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e325ed8b2b6f481ff9ddd25cd319bcca
SHA1 43a5c09036e482dd0bec2473f3cda9e431a97c1d
SHA256 b7e1ecdb4af427fd0bd4cb4dfa4d1dde4ab93ec680fb62eae2c051168e21c421
SHA512 ec51685f850f5ea68c5daa47c7aecdb225df89350a488131b285ecaf69484acfad770856dc89d3daed32a4af7c49d565b82b9ab6e7b6af188b0e584dd479d603

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 50cca2b201bf6a71a97b8015ec6c5799
SHA1 6ca2228478d71d13bdc159f72aa45b35726b204a
SHA256 3e5dd7c2623b2c052611598f0e45d6f9670b956dc1d5ec8b62f7adcc1565670b
SHA512 a02776b95440e3449242f63c3aa197a54a5f7f0b5fca478bbf2c0d179a563071720c9fec0431563dcb2f3a934cab21b3305715ae447cd9ecd81058070cb1d47c

memory/3464-356-0x000000007500E000-0x000000007500F000-memory.dmp

memory/3464-357-0x0000000000750000-0x0000000000842000-memory.dmp

memory/3464-358-0x0000000007C00000-0x00000000081A4000-memory.dmp

memory/3464-359-0x0000000007730000-0x00000000077C2000-memory.dmp

memory/3464-360-0x0000000075000000-0x00000000757B0000-memory.dmp

memory/3464-361-0x0000000002C00000-0x0000000002C0A000-memory.dmp

memory/3464-362-0x0000000007950000-0x0000000007962000-memory.dmp

memory/3464-363-0x000000000A090000-0x000000000A12C000-memory.dmp

memory/3464-364-0x0000000007A90000-0x0000000007A98000-memory.dmp

memory/3464-365-0x0000000007BC0000-0x0000000007BCC000-memory.dmp

memory/3464-366-0x00000000052D0000-0x0000000005354000-memory.dmp

C:\Users\Admin\AppData\Roaming\boGqOzICn.exe

MD5 516082e6812f9dde63d4a71b009df547
SHA1 42cd1e677954aca055ea3115ee0fdfcbf16aeb55
SHA256 7b67c0f996e0269e247d02bc46dd38ee8c230945b534dea1c6e40bc3f9a32993
SHA512 7bede19f3280f9828df9429d5ecc379bcfbbc729b9fbfd2f9bd532ba40237aee9c103222ba4016b7fd1aae837c7a870f69dfc423c94144a2242687e9cd248128

memory/5636-374-0x00000000027E0000-0x0000000002816000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp4EC8.tmp

MD5 248832d758c1554cbb173eadabcad945
SHA1 55c7b88271317b0f3bdd8de9b0945dafd2e3ec64
SHA256 ac557fd0b28dafbd6e40b7fbf2b8c88e7b7418c95a4ddd4cb6d40dcac84be28e
SHA512 cfd569e8c5cfd318a1b11e7e2633a84a8677e7f14ce786926434031141f6dae2129899964a608ecbb6109532902569f719722e80334a91a27858d41b64bc518a

memory/5516-376-0x0000000004C50000-0x0000000005278000-memory.dmp

memory/5680-377-0x0000000000400000-0x0000000000442000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO- RFL059210.exe.log

MD5 8ec831f3e3a3f77e4a7b9cd32b48384c
SHA1 d83f09fd87c5bd86e045873c231c14836e76a05c
SHA256 7667e538030e3f8ce2886e47a01af24cb0ea70528b1e821c5d8832c5076cb982
SHA512 26bffa2406b66368bd412bf25869a792631455645992cdcade2dbc13a2e56fb546414a6a9223b94c96c38d89187add6678d4779a88b38b0c9e36be8527b213c3

memory/3464-380-0x0000000075000000-0x00000000757B0000-memory.dmp

memory/5680-381-0x00000000055D0000-0x0000000005636000-memory.dmp

memory/5516-382-0x00000000053B0000-0x00000000053D2000-memory.dmp

memory/5636-388-0x0000000005A10000-0x0000000005A76000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_50jdigc4.hn4.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/5636-402-0x0000000005C60000-0x0000000005FB4000-memory.dmp

memory/5636-404-0x0000000006110000-0x000000000615C000-memory.dmp

memory/5636-403-0x00000000060D0000-0x00000000060EE000-memory.dmp

memory/5636-406-0x0000000070BE0000-0x0000000070C2C000-memory.dmp

memory/5636-416-0x00000000072C0000-0x00000000072DE000-memory.dmp

memory/5636-417-0x00000000072E0000-0x0000000007383000-memory.dmp

memory/5636-405-0x00000000066A0000-0x00000000066D2000-memory.dmp

memory/5516-418-0x0000000070BE0000-0x0000000070C2C000-memory.dmp

memory/5636-429-0x0000000007400000-0x000000000741A000-memory.dmp

memory/5636-428-0x0000000007A40000-0x00000000080BA000-memory.dmp

memory/5636-430-0x0000000007470000-0x000000000747A000-memory.dmp

memory/5516-431-0x0000000007090000-0x0000000007126000-memory.dmp

memory/5516-432-0x0000000007010000-0x0000000007021000-memory.dmp

memory/5516-433-0x0000000007040000-0x000000000704E000-memory.dmp

memory/5516-434-0x0000000007050000-0x0000000007064000-memory.dmp

memory/5636-435-0x0000000007740000-0x000000000775A000-memory.dmp

memory/5636-436-0x0000000007720000-0x0000000007728000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

MD5 3d086a433708053f9bf9523e1d87a4e8
SHA1 b3ab5d4f282a4c8fe8c3005b8a557ed5a0e37f28
SHA256 6f8fd1b8d9788ad54eaeee329232187e24b7b43393a01aeba2d6e9675231fb69
SHA512 931ae42b4c68a4507ff2342332b08eb407050d47cf4176137ea022d0f6e513c689e998445a04c6d18d4877391705c586bfce0234632b898d41aaed0957996dfd

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 ebc87807f9d066f289e76012f8284f9f
SHA1 9b44532a9f3dd1b2f8f3d6aab87ae9db232015a7
SHA256 6ef08f64dbeec0e9a1a516c4e539f60c87ba8a65003be0f8e8da48b423f4702f
SHA512 14296da0ea40f6db87c469dc57c618f1c318e5d160e92e58cbb3dfe55099a604a1be64a8e21c6ab80374a9c6c2eb66b8eff8cfa5c7fa67c2a74506f78ad1d689

memory/5680-442-0x0000000006D30000-0x0000000006D80000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ed65bd74c9f0b4fbb7a4cd6b877dd6cc
SHA1 657b67fcd4cbe2f3413c4997eba9144f8b2a709a
SHA256 201a90e4c379466d4e379e2cedf7d8749dddc3eaf26619b1585a25d3a35cdc1f
SHA512 b55f80d0519c2b928e4656ced0466ee81ba4a284c3668d329b03cd9b9ff1e0f4a61c38608dad36234b1a8eeb04998ca6f67e4511d9d7eca4d56ce3f49c9cd126

memory/3068-454-0x0000000002CF0000-0x0000000002D02000-memory.dmp

memory/2744-460-0x0000000005510000-0x0000000005864000-memory.dmp

memory/2744-481-0x0000000005C70000-0x0000000005CBC000-memory.dmp

memory/2744-482-0x00000000716F0000-0x000000007173C000-memory.dmp

memory/2744-493-0x0000000006E50000-0x0000000006EF3000-memory.dmp

memory/744-492-0x00000000716F0000-0x000000007173C000-memory.dmp

memory/2744-503-0x0000000007110000-0x0000000007121000-memory.dmp

memory/2744-504-0x0000000007150000-0x0000000007164000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 817a31ea640717a7112b22bbfe475e95
SHA1 a7635094587e325ef9ed188e66bd2ffb0fe333bf
SHA256 3c98dd9525fae3da4c979eaa8bc85cf8155d824de2b373ba31c6a361fd0f9520
SHA512 9ec74fb262f71ce24f89e71c7d59646b08a55bd0a7b9892a32c0ae9b662e84954ac6defcd4600cbecf3c8c4023223c338dc619ffe11aee514dbdabdd8e0245b8