Malware Analysis Report

2025-01-22 12:40

Sample ID 240622-xvcx8svcll
Target AutoHotkey_1.1.37.02_setup.exe
SHA256 49a48e879f7480238d2fe17520ac19afe83685aac0b886719f9e1eac818b75cc
Tags
aspackv2 bootkit evasion persistence trojan upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

49a48e879f7480238d2fe17520ac19afe83685aac0b886719f9e1eac818b75cc

Threat Level: Likely malicious

The file AutoHotkey_1.1.37.02_setup.exe was found to be: Likely malicious.

Malicious Activity Summary

aspackv2 bootkit evasion persistence trojan upx

Disables Task Manager via registry modification

Executes dropped EXE

UPX packed file

ASPack v2.12-2.42

Checks computer location settings

Checks whether UAC is enabled

Adds Run key to start application

Writes to the Master Boot Record (MBR)

Unsigned PE

Enumerates physical storage devices

Kills process with taskkill

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Scheduled Task/Job: Scheduled Task

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Delays execution with timeout.exe

Modifies registry key

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-22 19:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-22 19:10

Reported

2024-06-22 19:29

Platform

win10v2004-20240611-en

Max time kernel

1139s

Max time network

1143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AutoHotkey_1.1.37.02_setup.exe"

Signatures

Disables Task Manager via registry modification

evasion

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\AppData\\Local\\Temp\\A544.tmp\\MBRPayload.exe" C:\Users\Admin\AppData\Local\Temp\A544.tmp\MBRPayload.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\7z77681EE4\setup.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\A544.tmp\MBRPayload.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "111" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133635570316236641" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings C:\Windows\SysWOW64\cmd.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3812 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\AutoHotkey_1.1.37.02_setup.exe C:\Users\Admin\AppData\Local\Temp\7z77681EE4\setup.exe
PID 3812 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\AutoHotkey_1.1.37.02_setup.exe C:\Users\Admin\AppData\Local\Temp\7z77681EE4\setup.exe
PID 3812 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\AutoHotkey_1.1.37.02_setup.exe C:\Users\Admin\AppData\Local\Temp\7z77681EE4\setup.exe
PID 4152 wrote to memory of 3788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 3788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4152 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\AutoHotkey_1.1.37.02_setup.exe

"C:\Users\Admin\AppData\Local\Temp\AutoHotkey_1.1.37.02_setup.exe"

C:\Users\Admin\AppData\Local\Temp\7z77681EE4\setup.exe

C:\Users\Admin\AppData\Local\Temp\7z77681EE4\setup.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeef96ab58,0x7ffeef96ab68,0x7ffeef96ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3588 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff681d7ae48,0x7ff681d7ae58,0x7ff681d7ae68

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4868 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4972 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3104 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Documents\PanKozaDestructive\PanKozaDestructive.exe

"C:\Users\Admin\Documents\PanKozaDestructive\PanKozaDestructive.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\A544.tmp\PanKoza.bat" "

C:\Windows\SysWOW64\timeout.exe

timeout 5 /nobreak

C:\Users\Admin\AppData\Local\Temp\A544.tmp\MBRPayload.exe

MBRPayload.exe

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Windows Update" /ru SYSTEM /SC ONSTART /TR "C:\Users\Admin\AppData\Local\Temp\A544.tmp\MBRPayload.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\A544.tmp\note.vbs"

C:\Windows\SysWOW64\timeout.exe

timeout 3 /nobreak

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\A544.tmp\sites.vbs"

C:\Users\Admin\AppData\Local\Temp\A544.tmp\melter.exe

melter.exe

C:\Windows\SysWOW64\timeout.exe

timeout 6 /nobreak

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UCTmub7HjR9Kc8Uh-Vy3eLaw

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeef3b46f8,0x7ffeef3b4708,0x7ffeef3b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im melter.exe

C:\Windows\SysWOW64\timeout.exe

timeout 3 /nobreak

C:\Users\Admin\AppData\Local\Temp\A544.tmp\Craze.exe

Craze.exe

C:\Windows\SysWOW64\timeout.exe

timeout 4 /nobreak

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im craze.exe

C:\Windows\SysWOW64\timeout.exe

timeout 1

C:\Users\Admin\AppData\Local\Temp\A544.tmp\screenscrew.exe

screenscrew.exe

C:\Windows\SysWOW64\timeout.exe

timeout 3 /nobreak

C:\Users\Admin\AppData\Local\Temp\A544.tmp\lines.exe

lines.exe

C:\Windows\SysWOW64\timeout.exe

timeout 5 /nobreak

C:\Users\Admin\AppData\Local\Temp\A544.tmp\INV.exe

INV.exe

C:\Windows\SysWOW64\timeout.exe

timeout 6 /nobreak

C:\Users\Admin\AppData\Local\Temp\A544.tmp\Craze.exe

craze.exe

C:\Windows\SysWOW64\timeout.exe

timeout 8 /nobreak

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:2

C:\Windows\SysWOW64\shutdown.exe

shutdown /r /t 1000 /c "It's Your final 1000 seconds to use Windows"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://memz.download/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeef3b46f8,0x7ffeef3b4708,0x7ffeef3b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5468 /prefetch:2

C:\Users\Admin\Downloads\malware-main\malware-main\Monoxidex64.exe

"C:\Users\Admin\Downloads\malware-main\malware-main\Monoxidex64.exe"

C:\Users\Admin\AppData\Local\Temp\軑嘣陵搕乡鰕籕鯔貀墤榞嘕缪詳罄箺.exe

"C:\Users\Admin\AppData\Local\Temp\軑嘣陵搕乡鰕籕鯔貀墤榞嘕缪詳罄箺.exe"

C:\Users\Admin\Downloads\malware-main\malware-main\Monoxidex86.exe

"C:\Users\Admin\Downloads\malware-main\malware-main\Monoxidex86.exe"

C:\Users\Admin\AppData\Local\Temp\塒噷韪簉祁堐篲滦鐸陱磛竾嶠錡薛陟.exe

"C:\Users\Admin\AppData\Local\Temp\塒噷韪簉祁堐篲滦鐸陱磛竾嶠錡薛陟.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://malwat.ch/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeef3b46f8,0x7ffeef3b4708,0x7ffeef3b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa38f1855 /state1:0x41c64e6d

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 clients2.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.238:443 consent.google.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.109.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.16.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 140.82.112.21:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 172.217.16.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 37.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 216.58.212.206:443 consent.youtube.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
GB 216.58.212.206:443 consent.youtube.com udp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 memz.download udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
GB 216.58.212.206:443 consent.youtube.com udp
US 8.8.8.8:53 memz.download udp
GB 216.58.212.206:443 consent.youtube.com udp
US 8.8.8.8:53 93.65.42.20.in-addr.arpa udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.212.206:443 consent.youtube.com udp
US 8.8.8.8:53 malwat.ch udp
US 70.32.1.32:80 malwat.ch tcp
US 70.32.1.32:80 malwat.ch tcp
US 70.32.1.32:80 malwat.ch tcp
US 8.8.8.8:53 ww25.malwat.ch udp
US 199.59.243.226:80 ww25.malwat.ch tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 32.1.32.70.in-addr.arpa udp
US 8.8.8.8:53 226.243.59.199.in-addr.arpa udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 partner.googleadservices.com udp
GB 142.250.178.2:443 partner.googleadservices.com tcp
GB 142.250.187.238:443 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 172.217.16.238:443 syndicatedsearch.goog tcp
US 8.8.8.8:53 afs.googleusercontent.com udp
GB 172.217.16.225:443 afs.googleusercontent.com tcp
GB 172.217.16.225:443 afs.googleusercontent.com tcp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
GB 216.58.212.206:443 consent.youtube.com udp
GB 216.58.212.206:443 consent.youtube.com udp

Files

C:\Users\Admin\AppData\Local\Temp\7z77681EE4\setup.exe

MD5 b98ee9e00b5546763f9c6e65e436f6e6
SHA1 a28e2b0ba6cc748d166b2eb6d0c8acb0bd3b9f3b
SHA256 6d876c526b5cbc5dc5341c1011b1c91639597f46677a1d42426f4a52dfea6756
SHA512 556e632fe39231622398c5afccc51d01f25bc430705a126737877ed9f354c7076b5bf3cbac27f8a1c4db4d326b6a8848fae4b8d6046f816597c370d06e824591

memory/640-47-0x00000000009A0000-0x0000000000AA0000-memory.dmp

\??\pipe\crashpad_4152_GPEREIJGWASBVECZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 954c9923a3860589d890318fd5007972
SHA1 ccf783e87c5a5f926efd1fe78ac3866892c68a57
SHA256 0ecc455aa30f93cb233ebe9b343f2b9e93b79f32e215f3e15c8c8ccbc38ec6df
SHA512 1c610d6c0ee54c38289f71e414c0662ad8f512f815cc7293aaed93f12cf9cc9c1526d70a6f046f0cc9adf5a0ed71ad6d136dc6444efb35d84ba991ab2fcf1689

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2c2822160d0065aedd488dcf3c42222d
SHA1 c8277d2f5d01e27ea46ce31e53551682184bd9e5
SHA256 59be968e0655812837a12438544e1ea792ac8d0db191e02454133f46a31f5e18
SHA512 b011bdfae9f5fb474f5bb0bfa70e8aec0411d78e1ec2e7c8c5a173bade2a5518808af2ee9981bb38067fdbd671b257bb72548b6bc864c43c728423a031f0981f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b871b89a56b5566351814eb6522e73e6
SHA1 3fffe37f2d29c20a67c7e1c37a00965c29e1e0ea
SHA256 a43b040f4a430eb28ad90fbba97729a562306195c550c217712da8958545a2d1
SHA512 be1447adcc6a087b33e171f5a4923dcb60cd7e68d69ed5ca9fd9117c35c1ec583d628593beaf576f42c7d5b5c31d96ccc8962c44e931e73e6bd081852e51c3ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 4d10aa42f20e4f2bc5109bde2214fef3
SHA1 789968e7ee69c4b6f994e51445a767d24a82414c
SHA256 93f4191e0dcf399d602d355bbb88b822da4001caec8f2918acb3163e43b549a0
SHA512 31e79a62be53338c975b3495882277b9e90fdd57a2d8d4375d1366a490afe1edae97dcaacf6e0ffe1e0ef6135299b8d05f9c82571d6a9e3da4fe2af5e6cb74fc

memory/640-133-0x00000000009A0000-0x0000000000AA0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\31a5e82c-f702-44f0-9fc7-c773e74be9b6.tmp

MD5 9f7c9468439f00b5ef1122f926bf1dab
SHA1 3719b0412a7c74c02351b520f8807c2ff111a6aa
SHA256 f4bf6fbfa85ed60eaff2466e1eae6ab4b8e1ce36beb1a384ba0614f1bcdf275f
SHA512 c214cdde74916c77ff1e6fb9a24d3ab6520cf7544016cb4b845fd0890daca95b1601a162c64d8dc7c9d9aa435aec6699078cee1512ec3fbf3789f3f79ca9ba7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5495bd5f-11b6-446f-91f5-c9cc0dfb8003.tmp

MD5 b98a0bbb3956f140e2cdc7b49721f5fb
SHA1 94424e4b2ce11da7235746d8a84d4ab3b51bc628
SHA256 dcc5df3c84fac5320d2fb73b1ea2ff04e010d465594db7fd82c04b2c59869955
SHA512 27a1267adb3ae51c01296be9fe5f0edb0d518bf5e390fc46f57f09f1d1a061caea2f64dfbfe766fd071855345a6c2b5611ea13f7362b79e9af6856ccdeac5518

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f49d1cdcd538ee3a8dd9f1223bbf5fcb
SHA1 c574876d7e828e33a54f7748538bd27d09167e0f
SHA256 b35f370a8a5b865e3de991eb999711b73738f939ffc44f2128b5515784136a08
SHA512 1a7151347fdebc59097024dda456281f1e82a88fbdad0083955234b52ad41d48a0dcbdf22a17b41d80b15ad041dbfe228db1d6b884772efa50c6f40cd923e05c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 e7eacdb2a2f27de66a6bc3d78a545411
SHA1 38c4411b958adad9e8cce56029f626a86ff08723
SHA256 056f81667f8a85eb85b3ded4c511bc30a34099564b65ea9851eb2e781ea5979b
SHA512 3426ebd15bb3660a46d107aa083134a0f7ab55f8ebd4ed056d3fb45b9a788e53bb9e181dd468a2ea60c0bc5d46325efaf29006735a4c37b99d56524ef2201132

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57dfb1.TMP

MD5 9d03f313e1cc2e3759f77e81e16ca09c
SHA1 cc5ee40b123fe8df51f990734f17c775e8946206
SHA256 a3729cf14d16deebf8a217f8c8c245dd1f5d70efc0c909fb7bb3324118eac5b9
SHA512 d43a500965ab7b091654ad5ccf0bd82629b910d8c3867e28db259a5f43c21de82c940d777137625245c2d377b3db2311b91f67f7084542d372ceb721075c4541

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f3a814bc015f0a26b9cc436a4e6f5e8a
SHA1 354dfc7e86826c4d6319348d1b3faa55003bfc12
SHA256 9fd60645c049a32165afe4074a584ad5af212e8f0d7ab965b089e147527e9123
SHA512 e00fe7673decc86ab9cc0216e78c37f9c3c34f243289b1c381c4adda7f6cc89e8fb0b22df050a39b7723608b62a0c1ce3712bea2c35673e09f005e656fee1ebc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\68c72d24-c46a-4ff1-aabf-316d2d08dfe8.tmp

MD5 28e779c62b55777b883ac9b7928ffac1
SHA1 d7875fd4e1a85642e5db289b208c856edc19046c
SHA256 ae514f08201bd2036aa192770a325fa9bfe8c3822d826361034733ae4656984c
SHA512 a4ca200336cdf1ecdafcf88a8cbb3559afcc231f1326217fd240d6af21258ceeab0c8eea8fd820574cb4e2002f98d76c488391ed4160e80e6d82e0071899b7b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 28c00446972acd684d30a9ccec77ded2
SHA1 a655e1aa0f5c93c95a13e921f3dfb35abbdb0ade
SHA256 02f41a1bde9842d92860725994fbdd88a3f762114da7b6ccda35aac393d1abec
SHA512 2d1edf1fb6e75d1388afb37296a9227e4e9026e8b2692215621bd195b47dad1c09e5b75eef4059f163dbbc55e821729750819420ed5872a8544bbfa11e976f29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 57658ebde7c078c05c3286b1e092713e
SHA1 0239b3c5f0cb1af06c40fc46d9113e467eb143de
SHA256 d31306e29456bd75f286b93f5364aa78b41ffce6d54ce3bca168ebf1d03003e8
SHA512 65f861d633557c80d3e9b08e8b0d334c832b10fce2f7bd45077b1ff84f1fbc7592d654e87951b8fb28000eefc1f4b6beec2c80c675db4f7fc9589a4123301981

memory/2432-363-0x0000000000400000-0x00000000004F8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\A544.tmp\PanKoza.bat

MD5 24f0349bbf490fea5eb3acbf54bd1ba8
SHA1 e3ca3514fe098b27dac66dfaa93e035fe6ef25f0
SHA256 78c3005b4d5f500de7d540822cf2c334fc585a6a0d45da8c4af47f1500239899
SHA512 4aac8a6652c1ff52c797344299f5f21746ff1769425bcdbbe4b04fa9363619e320811a8bf8ef0c18e7d0758f38d6a33249c14c9af4a3773da61bb2d7910fa26b

C:\Users\Admin\AppData\Local\Temp\A544.tmp\MBRPayload.exe

MD5 3aa620597abcae5c26b71e21e15b9acf
SHA1 ed797bc834050bc108a31f1511102608943391c5
SHA256 91f9327997754b0238caeff5cffced7eed3e13d5ac39dec87b329678bee8a145
SHA512 562de36b77f6cf5a369c8b434fb5605ee4169fa50c6a4df4d22c1a64dfec39d779b1fc285407ab851ef27b33061159cb1bb548079fa0d0a3d2e10517f8ee0b12

memory/4892-387-0x0000000000400000-0x0000000000423000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\A544.tmp\note.vbs

MD5 b41b06859fca8e157db46e6609e4a51d
SHA1 8daa0836735347c030e641abdc277bbd66662c33
SHA256 f613aec542d7967cae9d01794b7061bce5083d68c825821a5b702e97f32039c4
SHA512 4290d132c7c1ad154a3ade465e810e9fe4db5a8e0604a35d53e82a6482cd22fdd8ba74e97c0bc2e146e2bcf2ecc9afcc4e4e358e98b353168b67a71b71ced75c

C:\Users\Admin\AppData\Local\Temp\A544.tmp\sites.vbs

MD5 5c5324b059b0abf1824a5223832b8479
SHA1 145c596bd6bfc1bfbd1a5a2aa8e5f4b3cef4ef57
SHA256 9fd517699e352ffb9fd73319eb1ec58e7e771457f6e7c1d715e0f57e1d37d733
SHA512 b8219eba1d34c83cc193b5ba2da8aa9dce4f8b221c9aac3a52256e6c2855b77be4270a629dec7e36c92652f9b5e4c1dbc84b91a3bcdca663cc3d728eada6c3e3

C:\Users\Admin\AppData\Local\Temp\A544.tmp\melter.exe

MD5 d9baac374cc96e41c9f86c669e53f61c
SHA1 b0ba67bfac3d23e718b3bfdfe120e5446d0229e8
SHA256 a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412
SHA512 4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56067634f68231081c4bd5bdbfcc202f
SHA1 5582776da6ffc75bb0973840fc3d15598bc09eb1
SHA256 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512 c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 81e892ca5c5683efdf9135fe0f2adb15
SHA1 39159b30226d98a465ece1da28dc87088b20ecad
SHA256 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512 c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5ecd1e785cf5508e15582240cbdda6f0
SHA1 9332d32b491e204582151884edfcca4e6384d6f5
SHA256 308f4cd65ef466bd1cd0d304f5c805605c42064a34e69bd34a3069aacd29fddc
SHA512 39c7176196a2493581368f84a841f8004792e296deae052081cadd97ae342f0fd3388b73dd346fffbf88189f25e8ac53addb9b319c4161255bd10c6938597122

memory/2432-437-0x0000000000400000-0x00000000004F8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Temp\A544.tmp\Craze.exe

MD5 ad27143d078706b7cadcbb3f63212384
SHA1 71e532c89954881636f8fe973b9ea035a9e2de6d
SHA256 0b86d60e99e9f4a3bfa60cd447ac62eda52428be564f777151c883fdf547fb26
SHA512 39d8abb4883d3db96a88e88ea76ec8cc6a11e8905eeba593789a08b7d26cf449d682b2537cda790b124e06dc94bede7a78477f941220fe47d3e7ffad3bf9868b

memory/6096-451-0x0000000000400000-0x0000000000474000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7e5416cde86f60e56484d2267a5645d6
SHA1 547b82cd47432f574c9855de00001307db50b1c1
SHA256 439eb364a5d3fc0e5753ea9688be86f15070f95c4f0c7077c0df14d8405beff5
SHA512 99be3f170d20ffd4c93e9d89a9d276ac88226b4776ab86c14132e8aba3defde08741c19117394cbeb590c599c8b35393aad7c5d6ef43111a9fb04845c590160d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 602449415a09f70dbbf717a211fa3790
SHA1 ab75af386b1346690813953802c14ebeffa24a6e
SHA256 fe7f0ee90423e44c09bbd18f5a6780b97bb73eb805dea873bb13caaf8c682872
SHA512 2cef1e238959bd748dcde81491a3609f1fd9a506b86c1689820c064abb686395efa97b8edbc262de7421512e60df89d1afee0d6883ddf511d62b3e06a39372a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 127097b75f54fdbb2fa7956148a796e6
SHA1 e7e96dd02e45b64a5a400edb7e4ec06d01e6ccaa
SHA256 6e9e6853f69e50b6a49303e9f57e7893a4ad68f0bf8501885d846d8186fdf54a
SHA512 e3028e58665debd31964d94ed726dd94c783d161d48901fa955113be4e4a506a3e0eeae1cf650ddfaea7e811810b3cb18050e499b761ea66724181900a9d4d0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

memory/6096-483-0x0000000000400000-0x0000000000474000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\A544.tmp\screenscrew.exe

MD5 e87a04c270f98bb6b5677cc789d1ad1d
SHA1 8c14cb338e23d4a82f6310d13b36729e543ff0ca
SHA256 e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338
SHA512 8784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13

C:\Users\Admin\AppData\Local\Temp\A544.tmp\lines.exe

MD5 50caeee44dc92a147cf95fd82eb6e299
SHA1 a6619a150a31f4c1b4913884123f5b5334e23489
SHA256 81b9a2e3e9ee39f05b585ad871696a946837fcf784d3d4ecd4b9caea16560a1e
SHA512 e009de28d24abbecac2b20c4dcbbe4bd2de461c0d3140043d1ef6db3e4807d13723fb1916bc9bd1a636cfdc4bb3e102ecae645e783901ebdf9996e9bcdd9466b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8c00ab4c-dfd4-4b6a-8898-c97605a84df2.tmp

MD5 74f4ee9a7ec91950c804c464af7a5971
SHA1 4b530ddf22af9faa9750f39797374863bb06b047
SHA256 0cc8492dbbca723dcf742abf3438b39ae60d1ffaae7a049cb5e8558ddf8dba76
SHA512 05a59068aa2f0aa078153e1a414dadeb1003f6e1b171e6e3fd6df3d58c7c26cf6a1c1fb4d0adf158da223bca9815ec19d3988fbd3e57d5cb047f382dad9c519e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ed01e833175e8cf2c552984d1298041e
SHA1 a663151b8f110832bfc0a40ca865960a4be66e46
SHA256 6f00978eef08715c36c4fecb6ca90e0e4b2f58044bfad9c8098612ec2c02b6dc
SHA512 188fbfb4b0f27aed0c482af56109ef99766fa6c055c622b4d022de64a85f39a7f90c740adbb2b0277b6d0bb206c73738e825fe11b5255989f7a2e63edd9f9a6f

C:\Users\Admin\AppData\Local\Temp\A544.tmp\INV.exe

MD5 e079c468c9caed494623dbf95e9ce5e8
SHA1 4d8d1d17e9d7ff455a5c69e048d7575b5a3ea0f7
SHA256 8e217ce5670ac1021fdb6101372f9322f7ff82481ecd9badc104ff542e46128c
SHA512 d9c1a6f28c0c76b6856dec8723eb79d1b620a70b8ab3b5f028848e890a684beeb3460e310959c69f21cffb0a14751ea6cb719aacdbc2043121f057dd56f868a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ff0b8f127812201c075a429bdd4be1e6
SHA1 900133c98554973d674f63369d4b7c60b304197c
SHA256 838b35ccb85585931ebf271f24a58431026b5b90a987afeb6fa5847e38e30b89
SHA512 75b4a9c8319080d1238e1ee0fdb5226e4a4f101bdfd41c9e3fd0eb96a6ed2b7a690e15c47bcb1675c90b2b1becb03f6a86c0cae5ad5b8993e8351a8b729974aa

memory/5124-518-0x0000000000400000-0x000000000044A000-memory.dmp

memory/5652-519-0x0000000000400000-0x000000000041D000-memory.dmp

memory/5148-521-0x0000000000400000-0x0000000000474000-memory.dmp

memory/4684-528-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2432-531-0x0000000000400000-0x00000000004F8000-memory.dmp

memory/5148-533-0x0000000000400000-0x0000000000474000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ced7d3a3bbbad43ecc8d7d8501bcef37
SHA1 1f2e869deba19a797b3b58347387581dd0ea2107
SHA256 7e06c909dd60b01474724b6baa4b7dc68c7179c767d6c68e2b680c8e2f5d1bed
SHA512 bc54bf9edbf2ecb3207bf848e50ce0b4a3f6a40d3d1eeaeef093a55dc392339ec07311510ff51eb2162f414c872d59d4d973ead691b49bfb627bc95c4709d532

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 230bf8527589d6f7e99859c0fed89bfd
SHA1 81cf5a689cf64e2e1ed1515cdf77c8bf7fe69316
SHA256 8c3a67e464201dace785e70b210704bcba47f9685e80118fa54ae97ccd8ebde4
SHA512 d87210f046d33d2aa96d3dabcb5a67f12ca25d6fa21865b0ff7a437772feb71acb493f423fe88e131f4e6af4cae5e280e4ee878af502143f8bd2f1853ca350b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 68f2832a04669b2d074932f410eb12bb
SHA1 7d7008f4d996952b3ebbe1c86c295660a0a0b35a
SHA256 ac976bf665e65f1190a5ce6559e508673c33f83f417d64e58253b4bd7b236bab
SHA512 2f8c7347b1f2d057622175530dc1584b8e46570c41d38e347bd3ed9a0cb3c766cc0d991d54b640224b1adbf10afae5c95929d5f87ceda4b1ccd616a21e93bafb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9ce1624e86ff14fb868915dd43665d2a
SHA1 6e70c5c178033370a4080e8e1a9e05f9c82bbf29
SHA256 f34cfe710816039b540ea35a69ad112419e4437fe684e0ef82484653a8d41e87
SHA512 20f9045184cd336d561d3a1298172cda123e4aa2c032a65ded3ccaaf089511bb853dc248df46e1dba63ab8cd5837ff62909587564742584f54277c38869bec0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 61e180132f20097fa559c0cf65ddd429
SHA1 33759bd506a8416e06996b0e6bb683e3441a1d4d
SHA256 0bf1cea2e9f4ee7e98de58c80a44f278d4f1ffb09455495a62b9e7a4aa305a81
SHA512 833d88cc11f7648cc09b16f353ae6f2e60ecb513b2d1fc3f13e97d8334e5b64a1d5a9b93d7b5f6562621ef34b017cb63dc5a811682142195d4153f97775d01d0

C:\Users\Admin\AppData\Local\Temp\軑嘣陵搕乡鰕籕鯔貀墤榞嘕缪詳罄箺.txt

MD5 c2237b49e278bfbe92d069fd0eea6a7a
SHA1 be6130e55528abecb5f5ecc70f132dae2b742993
SHA256 dec2ed71dd4daa3930e7a6794ae18b19c0bd35a7abe6663881398b753e7847b3
SHA512 c4dc6fed0493507d10ed2f19cdf57e5575ad9706f1d6005f437a3386d2d06b659fd9af3b340ab31e2e505ba351e03020f86336fabee789abb4c60fd20a953364

C:\Users\Admin\AppData\Local\Temp\軑嘣陵搕乡鰕籕鯔貀墤榞嘕缪詳罄箺.exe

MD5 692361071bbbb3e9243d09dc190fedea
SHA1 04894c41500859ea3617b0780f1cc2ba82a40daf
SHA256 ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe
SHA512 cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e

C:\Users\Admin\AppData\Local\Temp\塒噷韪簉祁堐篲滦鐸陱磛竾嶠錡薛陟.exe

MD5 5c378b11848ac59704c2000b4e711c30
SHA1 6a46c53fd89b1f66d3fdab7653181e8a3e56d418
SHA256 bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e
SHA512 c6fe33ff3825e9018abea99ea49dc5221f2abd96bd1099def898425b82c05f9b9ca1aacaba0b7ffb7d09a7d097eae9937abdc13bbf3e7643e24e37edc7841c48

C:\Users\Admin\AppData\Local\Temp\塒噷韪簉祁堐篲滦鐸陱磛竾嶠錡薛陟.txt

MD5 47eb981c0a69adce46ec9fcd39bdc517
SHA1 f51eb156182145384e5870c3761ec48f08adbb0e
SHA256 de68d7273a4e4d7c3eebc23d0c7a5200202ec92f5f16fceb95a1a6fb0f126f43
SHA512 1c7f0837f11a19e648080cc7e8c401ed81fe7704851bbfbbfe0ef3b74f617b9223da1f0682e607a805c1a546575932cc2d327b759ce9268b063ed31c35364fc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 09d4d8bbe51a8ff54bfe17e7502e9138
SHA1 74c8a562261c8aa7ff1643941d67a2a2fe79a891
SHA256 d6f9600759b2db5f8801d8a27475dca2e32a13dc2ef914258a4a119d0d352491
SHA512 82c80e0fa290e3c9d71386edda3575f078cf2788bdbbef8540a6052a19a44953dc8f2e3fa305ce54524221e521ab178394d7280d0d741a156d79a3b6866af912

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f86648979262649d247442098bb0c471
SHA1 06c871f0962c3fa9eeafe09a6d47c9d10a340a38
SHA256 28a155656129190b3682bac2e4b2f2810068dfa8c2f581916d87200d46038afe
SHA512 3baa4a59f43dd85a15d00b55d546ee23206cb97abbcea0c30d2d38649beb0c362b06c6dce0fd23b2fe51f1160cfaeeb7c646b0d221311a2f7f0ad43c3aa79af0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e16cb831e473f004527cf2d047f9d37b
SHA1 ded44f535ec74483a90cddc18b2adf0f3f95563f
SHA256 df6ae89cc165991bd33df3f7bb06a91a0082a2857e7c9053e704955d457283eb
SHA512 d736e93383a2f4330b3ec3e92b0dff7461d3ccfa06eb6b431156693bfd601968da3ffaabd24311960e717f610cd905e52b7f4a791a75bf6a6873730345be7f7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4c066aa3640db57dedc67a46cba0e08f
SHA1 c92829bc66f22dd48ac05ace42463382b1fe40ec
SHA256 b02e332569629ddf3871347a0429b9987b868e0f5ab40338bb305c3d474f6a2b
SHA512 7bc5a078e17fa0f3feefa87e573eb593e25ba4d46cd4de357fd10d3dacb081945e7d9c854eaaabd83c6d9804deca65439d565da54a6d4f80c7c7361150888f34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3c6857c5bf0921870456a494ddc52f0f
SHA1 5f0a8f02672a49593e60be3f90634fa5102478ac
SHA256 888ef2247aaadbb5223026d4b5ae3cc1c5e7d1bd796ebc885cff2e1b8a3c1166
SHA512 69b8e9d0cf3351f11d70ab487dcb71c716301edb8f28c1113f67db028fbcbe590e012f33505ff86b615f8754a9f74d652d63f783ffc5e4f64a2cfae065214cdb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ff9c1148d39f9ffc89b0e9d3c8aab663
SHA1 f2fabf1636cacfd811bf98d53d261aaebfcbdc03
SHA256 5e8ee2014d601d1eea1fd203f39fe502d5364134b18872e0bf0e45d8105d7467
SHA512 f7c368efc7b0315c998caffdcffb62c56ece497b0051bc793425cb601e3d438d5d4d7e1d9899b7f315783c5c60423038f42ed2537c497baa25034a1ec270f7ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 aff814b2fb27550f9359777cad016e22
SHA1 24a495bb8a5fe2d6d45c67362290e5fb0d748dc1
SHA256 34d991e9010d48e4ece66c7f272648209d5cb6c548d495a068d1c00f42ae3f4b
SHA512 2aebfbd86917654d0c8789f4366bcfddd9211a0758fb6ca658e441b21252e42b07b9abb421e4ad5ac0bda0ef3e1e2b427cd9f9dbbd202fb9043e661c47ca8232

memory/5148-1154-0x0000000000400000-0x0000000000474000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8ab9e389064cf03797f91e4fec6e9b6a
SHA1 49f63d29eb91b41e1d4ce8ff38613b55f9411f82
SHA256 50f213f877645e6ae88187a41f4ab1352d0bb4271e789957710ffb34e234c3cf
SHA512 10e016ffc5c5a9575fee5f9f46f8123a2139419ab445d6889529ddf0b5e2b41881cd5ded5e67f592040f2b49fccedbf62343aaf71edac1008bae6a3d304d94fc