Malware Analysis Report

2024-07-28 09:12

Sample ID 240701-289lkszckl
Target https://solutionhub.cc/download/ZharkBOT.exe
Tags
asyncrat persistence rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://solutionhub.cc/download/ZharkBOT.exe was found to be: Known bad.

Malicious Activity Summary

asyncrat persistence rat

AsyncRat

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Suspicious use of SetThreadContext

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Modifies data under HKEY_USERS

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
System Information Discovery
T1082
Query Registry
T1012
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-07-01 23:16

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-01 23:16

Reported

2024-07-01 23:24

Platform

win11-20240611-en

Max time kernel

441s

Max time network

440s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://solutionhub.cc/download/ZharkBOT.exe

Signatures

AsyncRat

rat asyncrat

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Windows\CurrentVersion\Run\3v82v2vcc2 = "C:\\ProgramData\\34vgn892c.exe" C:\ProgramData\34vgn892c.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Windows\CurrentVersion\Run\Uqwgg = "C:\\Users\\Admin\\AppData\\Local\\Uqwgg.exe" C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Windows\CurrentVersion\Run\3v82v2vcc2 = "C:\\ProgramData\\34vgn892c.exe" C:\ProgramData\34vgn892c.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 768 set thread context of 1224 N/A C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643494072418072" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\ms-settings\shell C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\ms-settings\shell\open C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\ms-settings C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\ms-settings\shell C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\ms-settings\shell\open\command C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\ms-settings C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\ms-settings\shell\open\command\ C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\ms-settings\shell\open\command C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\ms-settings\shell\open C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\ProgramData\34vgn892c.exe\:Zone.Identifier:$DATA C:\Users\Admin\Downloads\ZharkBOT.exe N/A
File opened for modification C:\Users\Admin\Downloads\ZharkBOT.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 248 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 2196 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 2196 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 248 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://solutionhub.cc/download/ZharkBOT.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffff154ab58,0x7ffff154ab68,0x7ffff154ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1780,i,13125388264315982989,17915629702150275319,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1780,i,13125388264315982989,17915629702150275319,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=1780,i,13125388264315982989,17915629702150275319,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1780,i,13125388264315982989,17915629702150275319,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1780,i,13125388264315982989,17915629702150275319,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3800 --field-trial-handle=1780,i,13125388264315982989,17915629702150275319,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1780,i,13125388264315982989,17915629702150275319,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1780,i,13125388264315982989,17915629702150275319,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4772 --field-trial-handle=1780,i,13125388264315982989,17915629702150275319,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4784 --field-trial-handle=1780,i,13125388264315982989,17915629702150275319,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2972 --field-trial-handle=1780,i,13125388264315982989,17915629702150275319,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4796 --field-trial-handle=1780,i,13125388264315982989,17915629702150275319,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3428 --field-trial-handle=1780,i,13125388264315982989,17915629702150275319,131072 /prefetch:8

C:\Users\Admin\Downloads\ZharkBOT.exe

"C:\Users\Admin\Downloads\ZharkBOT.exe"

C:\ProgramData\34vgn892c.exe

"C:\ProgramData\34vgn892c.exe"

C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe

"C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1780,i,13125388264315982989,17915629702150275319,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1716 --field-trial-handle=1780,i,13125388264315982989,17915629702150275319,131072 /prefetch:1

C:\Users\Admin\Downloads\ZharkBOT.exe

"C:\Users\Admin\Downloads\ZharkBOT.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"

C:\ProgramData\34vgn892c.exe

"C:\ProgramData\34vgn892c.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 solutionhub.cc udp
US 104.21.2.10:443 solutionhub.cc tcp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
N/A 224.0.0.251:5353 udp
US 104.21.2.10:443 solutionhub.cc udp
US 172.67.128.126:443 solutionhub.cc tcp
GB 172.217.169.67:80 c.pki.goog tcp
US 172.67.128.126:80 solutionhub.cc tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.113.74:443 www.mediafire.com tcp
US 199.91.155.70:443 download2329.mediafire.com tcp
US 20.163.171.63:8880 tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 172.67.128.126:443 solutionhub.cc tcp
US 172.67.128.126:80 solutionhub.cc tcp
US 172.67.128.126:443 solutionhub.cc tcp
US 172.67.128.126:80 solutionhub.cc tcp
US 172.67.128.126:443 solutionhub.cc tcp
US 172.67.128.126:80 solutionhub.cc tcp
US 172.67.128.126:443 solutionhub.cc tcp
US 172.67.128.126:80 solutionhub.cc tcp
US 172.67.128.126:443 solutionhub.cc tcp
US 172.67.128.126:80 solutionhub.cc tcp
US 172.67.128.126:443 solutionhub.cc tcp
US 172.67.128.126:80 solutionhub.cc tcp
US 172.67.128.126:443 solutionhub.cc tcp
US 172.67.128.126:80 solutionhub.cc tcp
US 172.67.128.126:443 solutionhub.cc tcp
US 172.67.128.126:80 solutionhub.cc tcp

Files

\??\pipe\crashpad_248_JZVIHGAPFAPTKNPA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5e42b0e4-4d90-4668-9fe0-6c3406f313b1.tmp

MD5 aff1d93b671e2802ac05758f76e4739b
SHA1 761bdada8e9293064302b2091abc83880b367cfc
SHA256 cc5867437749e85c32b5550970374b3bd13a30e63c0b43ba2ab0f4ba8b01b4f6
SHA512 5c73a4569fa17f3e10ef9adef434d1c9a577224f9cf1e8dbbfc21e93378c5ebdd86682775acc422760282a490be9c1ef5be7571755a2fcf8e96490b2c9377a07

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 21bde9ba043659ca5fa65a4a71425663
SHA1 77b69f269b8e4bc2f31549ec62db0b3c32481fa5
SHA256 01c8516205bb2f3f42c1f18329e1944cbd614ca0ba1d5b3e925af1a718677303
SHA512 15fb2cb208345b47a4f9427c260ea1cdec90e3b593c4be85baf38f430c7c0512bcb1c187bd530c63ee8d6e28098ddf32984784d795d6c19ecf5ea548801560ac

C:\Users\Admin\Downloads\Unconfirmed 158545.crdownload

MD5 339271af2bbdad0395a479c3ef2a714a
SHA1 4f38b94fdb7f3cc4cf9f79bbb4d4311b85f0e14b
SHA256 71769ebf723749783f5e79f7b8a43d6ef03582fca2d1d26cad69157b73004f2b
SHA512 b93d038fd8159cf46f9568f60a22080b0a6e7b383028b47983465dd0c5fe1611a0e0eb99e141c2ee1604b29df6530605f489e05389904eff51048bd9d2e4eb0e

C:\Users\Admin\Downloads\ZharkBOT.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1b8813d6a3b54cdc53057413b4553e51
SHA1 af73280cc48f4db74d090fd4a1c22f067b2b9cff
SHA256 499bae0579deda1af2032b833408e73a0832fb2a5028e16d8df72045ce1e27e0
SHA512 e5928ab279049ece1a3d4470190c3e63d2c4c8bb169b3dcbfce53ade7ca3d1e49a4f4a23b66b0b78054f7ba8c2523e4506535dec540ae607cae958ea9f612b7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d467.TMP

MD5 4a9949410fd85e1c9570b678f44ec2cf
SHA1 8613757ab6bdaa1fa256425f0b3d7833c8c35292
SHA256 3dcd9a5a366c4652d66071a73ec861f7a5f87f99bac906cccb48d9dcc9422e92
SHA512 b1bd84412e69ca379377666942a03dcce51328f8bb0065134e0b2394f51d506176ba4b3fca1b9029bb778cd6b5a5fb08a478582202112a073183a1d042381566

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 a4c93c59adcb41a17ff924e397cf3854
SHA1 620d2c256b3eea722c91a944a1117940de609ed7
SHA256 f20cabeb89ee2b0200b9cfeb1c158941e9cb0ee5e7f25486983b4992b8d09ae7
SHA512 18f20c0252828fd813abcafef36c844422e65ce94c2028ad6cc58e1216848d43faee4760d720a4d24aa3a55b8781a2165c63b641f8b211523d862da9997c79db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 cb83b6a4c538e6b22dfff2a2132d7a20
SHA1 9f2196e822ac18bac56f63ed7467865558a61fa7
SHA256 1a9140a5d327eb4ad1ae6a3263d76d2ecdbf9ca94346768048a2362074af4a88
SHA512 de805dbc14fe27638fc28000c2f04d18918339a93f36e090cfbf465d577ccf4783f90db8ee44da79800c0e755ff702e0a4eaf163f6f3c899bafa8afd4c02b28b

memory/3532-125-0x00000000048D0000-0x00000000049A7000-memory.dmp

C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe

MD5 4de07fa106d917b74e44bd624f3eeaef
SHA1 dace1725097a94f1fdfad54f0eb2a2fbeab13a72
SHA256 99f566b150282334d980ba5d41138ff81b88375ccac6a0ad366b3de194c63053
SHA512 0c4524e7ee31d4ef11fd8a954e0ff02be57def4dc9c5550232338a07f7d27e3f8219d45b6e230f963ccdcd9b7b7daab5e0e3b60b45f8cab143159672398181c4

memory/768-145-0x00000000009C0000-0x0000000000A0E000-memory.dmp

memory/3532-151-0x00000000048D0000-0x00000000049A7000-memory.dmp

memory/768-152-0x00000000079C0000-0x0000000007C04000-memory.dmp

memory/768-153-0x00000000081C0000-0x0000000008766000-memory.dmp

memory/768-154-0x0000000007E20000-0x0000000007EB2000-memory.dmp

memory/768-159-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-155-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-156-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-168-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-170-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-166-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-164-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-162-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-161-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-174-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-172-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-182-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-196-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-200-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-218-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-216-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-212-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-210-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-209-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-206-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-202-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-198-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-214-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-204-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-194-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-192-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-190-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-188-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-186-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-184-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-180-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-178-0x00000000079C0000-0x0000000007BFE000-memory.dmp

memory/768-176-0x00000000079C0000-0x0000000007BFE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6ad33be36b785182e49efe422c87c47f
SHA1 23f67ce9e5b952a5eb5d9361901aad45ffdcddc3
SHA256 6d6c1d168a20ffaae14c4a475bb9ce6db6b485856e79b6882183b60bbf9da06c
SHA512 c97a21bae1ad61f788959657101ed38d391d3a138eafd7bda27b1ed3087e81f2d4a622c3296927bc46685d2230269efc0ba2e6dd2720cc5e7bd3f9a78ba4e188

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f08679ed7634d4403a038e931169d544
SHA1 432ec95e9af340001331e3763418a785665e4c53
SHA256 40ad6b1f96d72e857f77e079031611326da17a82b4263387c0895f94a6d18305
SHA512 cc02f6bb0ec9ebc5954e59fde859c48b60489a5d8765c8b3d15934fc06c4352371b07c1cad7a6ce1c43712fe4594d0c55789f1aef3b6aafd10c27eaece6ff881

memory/768-5040-0x0000000005E40000-0x0000000005EC2000-memory.dmp

memory/768-5041-0x0000000005F90000-0x0000000005FDC000-memory.dmp

memory/768-5042-0x0000000005FE0000-0x0000000006034000-memory.dmp

memory/1224-5046-0x0000000000600000-0x000000000066E000-memory.dmp

memory/1224-5049-0x0000000005C20000-0x0000000005CBC000-memory.dmp

memory/1224-5050-0x00000000056E0000-0x0000000005746000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 2365869258df7a66a2121b802ca4afd9
SHA1 73acc30a2edeb9d6830de559bb8a74f35168135d
SHA256 d6b1932822bbd72a8e78c771717d992142348f67d625a42393719fefbe59b0ed
SHA512 795004bab536e128dbd81c188976d37c7b650efbfa5a80374df4c65a1049c27658f4620b7605583928eb167fcb69b4c99e4c8730c507b824a7bde9c7fb0e21f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 07505e3fc4a3b912e4508b77814a61f7
SHA1 4348f99250bad6564884dad8cf99243818a7fcb5
SHA256 81852acb2c660027276de58661404819b71cc45f78067ae43bff5d076818cd11
SHA512 9befde1e19e0b5cb1b4aff37012f8d5894daa06ac96704f85db07a2886e174dcd4bc25b592e8ac916509bd266cda7c6e3e4b1b23013ed4149d4db13591f66db5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

MD5 1bfe0a81db078ea084ff82fe545176fe
SHA1 50b116f578bd272922fa8eae94f7b02fd3b88384
SHA256 5ba8817f13eee00e75158bad93076ab474a068c6b52686579e0f728fda68499f
SHA512 37c582f3f09f8d80529608c09041295d1644bcc9de6fb8c4669b05339b0dd870f9525abc5eed53ad06a94b51441275504bc943c336c5beb63b53460ba836ca8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 01f559e094633ee9c2057ade88388111
SHA1 e2b54cf8a3507086522f5e100a8b28cf6e40e666
SHA256 531c2c8954126ceefe31b35a01774437d59578e0f5d9f060b17aace8aa0aa1fb
SHA512 72f04445b90a883f913e2e6c28afd4896953618aeeca2496260ba4c177a1676f19575cffeff51ece86b77a300ff692f7ada26aa34c4efd0e32d5ba09402c851e

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-01 23:16

Reported

2024-07-01 23:26

Platform

win10-20240611-en

Max time network

72s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 199.232.210.172:80 tcp
US 199.232.210.172:80 tcp
US 8.8.8.8:53 solutionhub.cc udp
US 172.67.128.126:443 solutionhub.cc tcp
US 172.67.128.126:443 solutionhub.cc tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 126.128.67.172.in-addr.arpa udp
US 172.67.128.126:443 solutionhub.cc tcp
GB 216.58.212.195:80 www.gstatic.com tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 172.67.128.126:443 solutionhub.cc tcp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-01 23:16

Reported

2024-07-01 23:24

Platform

win10v2004-20240508-en

Max time kernel

443s

Max time network

440s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://solutionhub.cc/download/ZharkBOT.exe

Signatures

AsyncRat

rat asyncrat

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\ProgramData\34vgn892c.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3v82v2vcc2 = "C:\\ProgramData\\34vgn892c.exe" C:\ProgramData\34vgn892c.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3v82v2vcc2 = "C:\\ProgramData\\34vgn892c.exe" C:\ProgramData\34vgn892c.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Uqwgg = "C:\\Users\\Admin\\AppData\\Local\\Uqwgg.exe" C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1576 set thread context of 3244 N/A C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643494082548010" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\ms-settings\shell C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\ms-settings\shell C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\ms-settings C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\ms-settings\shell\open\command C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\ms-settings C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\ms-settings\shell\open C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\ms-settings\shell\open\command\ C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\ms-settings\shell\open\command C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\ms-settings\shell\open C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZharkBOT.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\ProgramData\34vgn892c.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3164 wrote to memory of 4360 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4360 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 5000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://solutionhub.cc/download/ZharkBOT.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8be90ab58,0x7ff8be90ab68,0x7ff8be90ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 --field-trial-handle=1896,i,8328993916761525045,3268471887603621692,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1896,i,8328993916761525045,3268471887603621692,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1896,i,8328993916761525045,3268471887603621692,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1896,i,8328993916761525045,3268471887603621692,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1896,i,8328993916761525045,3268471887603621692,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1896,i,8328993916761525045,3268471887603621692,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1896,i,8328993916761525045,3268471887603621692,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4388 --field-trial-handle=1896,i,8328993916761525045,3268471887603621692,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4900 --field-trial-handle=1896,i,8328993916761525045,3268471887603621692,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1896,i,8328993916761525045,3268471887603621692,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4612 --field-trial-handle=1896,i,8328993916761525045,3268471887603621692,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4708 --field-trial-handle=1896,i,8328993916761525045,3268471887603621692,131072 /prefetch:8

C:\Users\Admin\Downloads\ZharkBOT.exe

"C:\Users\Admin\Downloads\ZharkBOT.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4404 --field-trial-handle=1896,i,8328993916761525045,3268471887603621692,131072 /prefetch:1

C:\Users\Admin\Downloads\ZharkBOT.exe

"C:\Users\Admin\Downloads\ZharkBOT.exe"

C:\ProgramData\34vgn892c.exe

"C:\ProgramData\34vgn892c.exe"

C:\ProgramData\34vgn892c.exe

"C:\ProgramData\34vgn892c.exe"

C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe

"C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3884 --field-trial-handle=1896,i,8328993916761525045,3268471887603621692,131072 /prefetch:2

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 solutionhub.cc udp
US 172.67.128.126:443 solutionhub.cc tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 126.128.67.172.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 172.67.128.126:443 solutionhub.cc udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 21.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 solutionhub.cc udp
US 104.21.2.10:443 solutionhub.cc tcp
US 104.21.2.10:443 solutionhub.cc tcp
US 8.8.8.8:53 c.pki.goog udp
GB 172.217.169.67:80 c.pki.goog tcp
US 8.8.8.8:53 10.2.21.104.in-addr.arpa udp
GB 172.217.169.67:80 c.pki.goog tcp
US 104.21.2.10:80 solutionhub.cc tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.113.74:443 www.mediafire.com tcp
US 8.8.8.8:53 download2329.mediafire.com udp
US 199.91.155.70:443 download2329.mediafire.com tcp
US 8.8.8.8:53 74.113.16.104.in-addr.arpa udp
US 104.21.2.10:80 solutionhub.cc tcp
US 8.8.8.8:53 70.155.91.199.in-addr.arpa udp
US 20.163.171.63:8880 tcp
US 8.8.8.8:53 63.171.163.20.in-addr.arpa udp
US 104.21.2.10:443 solutionhub.cc tcp
US 104.21.2.10:80 solutionhub.cc tcp
US 104.21.2.10:443 solutionhub.cc tcp
US 104.21.2.10:80 solutionhub.cc tcp
US 104.21.2.10:443 solutionhub.cc tcp
US 104.21.2.10:80 solutionhub.cc tcp
US 104.21.2.10:443 solutionhub.cc tcp
US 104.21.2.10:80 solutionhub.cc tcp
US 104.21.2.10:443 solutionhub.cc tcp
US 104.21.2.10:80 solutionhub.cc tcp
US 104.21.2.10:443 solutionhub.cc tcp
US 104.21.2.10:80 solutionhub.cc tcp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp
US 104.21.2.10:443 solutionhub.cc tcp
US 104.21.2.10:80 solutionhub.cc tcp
US 104.21.2.10:443 solutionhub.cc tcp
US 104.21.2.10:80 solutionhub.cc tcp
US 104.21.2.10:443 solutionhub.cc tcp
US 104.21.2.10:80 solutionhub.cc tcp
US 104.21.2.10:443 solutionhub.cc tcp
US 104.21.2.10:80 solutionhub.cc tcp

Files

\??\pipe\crashpad_3164_HKQNDLJBVCDBDMKL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\714f570a-6170-4151-b015-7ae593433bbf.tmp

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d951739260dc13b2f89a9ca6d60a1c2a
SHA1 2183e94d0ab3fa721989ea0e90cfbe03352fb806
SHA256 50d628a4eb4567b802472b7c7e0dc2170c9194bd34af5aba7655fe379b659c9e
SHA512 5e9c19cae1ceec6b06e9bc5be4a23bc154c05e4aaffe0666ca7e64c35e18fc88369394d5fd283bfcd08520c405b2c9372bb568fa15f46e24a1e031827027ec81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9db96ee7a86f274c0f9218c4d5358235
SHA1 ad425b81406eee8308ee5fac52815310359654f4
SHA256 5b708e4bc0e4c9506ed6f6e4e3a19c1b689c1b7571643f44970d863756848c8d
SHA512 8bbe77aa55232bb0e6020f0b187b77ea6c3286ed68f59497470338b38066d9b224fbcfb0d385778b8b114f9ad7b8d65b804e7b0044f553f884d94c1a6dea75ec

C:\Users\Admin\Downloads\ZharkBOT.exe

MD5 339271af2bbdad0395a479c3ef2a714a
SHA1 4f38b94fdb7f3cc4cf9f79bbb4d4311b85f0e14b
SHA256 71769ebf723749783f5e79f7b8a43d6ef03582fca2d1d26cad69157b73004f2b
SHA512 b93d038fd8159cf46f9568f60a22080b0a6e7b383028b47983465dd0c5fe1611a0e0eb99e141c2ee1604b29df6530605f489e05389904eff51048bd9d2e4eb0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ad03193b71807abbd74ac5b3ceb35405
SHA1 bd2f88339278d46216ce81300783a0430e0479d7
SHA256 742fd572eb1584b3c90b011e9b3aabd5d7bbaf1b29d2b00ddafbb212ed42a48c
SHA512 af1266b4c2e23ea43d6b83d19e57310e9cf766e9bc8db2d4727ff085cd8efa76262c5e59e5cc2809742136314fa922621d65dee51bdbb4ea2456757dcbd43d11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 df27033e5763b24d9f8eafec16bc0a96
SHA1 449da8dbcb9d7c54c265557a66d8316299fa805f
SHA256 e0e57e15043875c536a347d2fd261ecc0132f6260b03f18bb37dcf26031f6f3b
SHA512 9d4c8da446c16bb6e39860cacaebc17bb883ec08f36dc3fa591d90812172b4393e83749d636818cdc94bba3685c68894f4fba9169a873f5cb82075af10324828

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d37207d3b02956364ebf978afb14aae0
SHA1 3d84160a429ee898c0d3428295d89c1e1457d9b2
SHA256 a979e94a87fe355dca3108890b40b6131e4fc6fcba0c5247f85ab8ecb98a7af2
SHA512 0c99d7f1bbe7f52e402fa4381f145de68af3f5e338e42992c0f380764df2d47fbc99564ac9686f18a2d681d96485764cfa1cf1952701f91e77c2e021ea136899

memory/736-122-0x0000000003BA0000-0x0000000003C77000-memory.dmp

C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe

MD5 4de07fa106d917b74e44bd624f3eeaef
SHA1 dace1725097a94f1fdfad54f0eb2a2fbeab13a72
SHA256 99f566b150282334d980ba5d41138ff81b88375ccac6a0ad366b3de194c63053
SHA512 0c4524e7ee31d4ef11fd8a954e0ff02be57def4dc9c5550232338a07f7d27e3f8219d45b6e230f963ccdcd9b7b7daab5e0e3b60b45f8cab143159672398181c4

memory/1576-140-0x0000000000FA0000-0x0000000000FEE000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 2365869258df7a66a2121b802ca4afd9
SHA1 73acc30a2edeb9d6830de559bb8a74f35168135d
SHA256 d6b1932822bbd72a8e78c771717d992142348f67d625a42393719fefbe59b0ed
SHA512 795004bab536e128dbd81c188976d37c7b650efbfa5a80374df4c65a1049c27658f4620b7605583928eb167fcb69b4c99e4c8730c507b824a7bde9c7fb0e21f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 419ff7f66f5baa6a48bae9623254f0b9
SHA1 7d042f981a2b62bdf129b2be49ac69d41992742a
SHA256 00952c1bdfd21c2b86562b631d21a3ea89a8512b292ba49ff4cac67551b7a33f
SHA512 d04fe034cbe3c77778095a2fe99767836db2583d6e127f520337fbed3b5769a8c1f04a3ba6bdf69245c30784c2b5ce0a9a20cdad5f1423be0a1e530f189448e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

MD5 1bfe0a81db078ea084ff82fe545176fe
SHA1 50b116f578bd272922fa8eae94f7b02fd3b88384
SHA256 5ba8817f13eee00e75158bad93076ab474a068c6b52686579e0f728fda68499f
SHA512 37c582f3f09f8d80529608c09041295d1644bcc9de6fb8c4669b05339b0dd870f9525abc5eed53ad06a94b51441275504bc943c336c5beb63b53460ba836ca8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 a9ae5b97b090f3e2021dd829b50b0537
SHA1 c0153e199048ab0b8329538b7e6480a07e62c7ff
SHA256 c5e89ee28840a822039be20709213c55f50dd0a3de12869299e31b38ebe63376
SHA512 34eb91e7331ca5b93e1669e97514d11f392df4440cc1952f618c7200551f9b6c95310d59e6ffc67a9d6bbf09d766523ebe34f8b38172894bf383a1ed457969a9

memory/736-153-0x0000000003BA0000-0x0000000003C77000-memory.dmp

memory/1576-154-0x0000000007C30000-0x0000000007E74000-memory.dmp

memory/1576-155-0x0000000008420000-0x00000000089C4000-memory.dmp

memory/1576-156-0x0000000007F50000-0x0000000007FE2000-memory.dmp

memory/1576-158-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-162-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-170-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-180-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-178-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-176-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-174-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-172-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-166-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-168-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-160-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-164-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-157-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-182-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-184-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-188-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-186-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-202-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-198-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-210-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-220-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-218-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-216-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-214-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-208-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-206-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-204-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-200-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-212-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-196-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-194-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-192-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-190-0x0000000007C30000-0x0000000007E6E000-memory.dmp

memory/1576-5019-0x00000000060C0000-0x0000000006142000-memory.dmp

memory/1576-5020-0x00000000065F0000-0x000000000663C000-memory.dmp

memory/1576-5021-0x0000000006640000-0x0000000006694000-memory.dmp

memory/3244-5025-0x0000000000400000-0x000000000046E000-memory.dmp

memory/3244-5026-0x0000000005C10000-0x0000000005CAC000-memory.dmp

memory/3244-5027-0x0000000005CB0000-0x0000000005D16000-memory.dmp