Malware Analysis Report

2024-11-30 05:27

Sample ID: 240710-17mjzstakj
Target: https://github.com/Talha836902/adbPP_2o24
Tags: lumma, stealer
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The submitted URL https://github.com/Talha836902/adbPP_2o24 was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Suspicious use of NtCreateUserProcessOtherParentProcess

Lumma Stealer

Drops startup file

Executes dropped EXE

Checks computer location settings

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Delays execution with timeout.exe

Suspicious behavior: GetForegroundWindowSpam

Enumerates processes with tasklist

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-07-10 22:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-07-10 22:17
Reported: 2024-07-10 22:19
Platform: win10v2004-20240709-en
Max time kernel: 95s
Max time network: 95s

Command Line

C:\Windows\Explorer.EXE

Signatures

Lumma Stealer

Tags: stealer, lumma

Suspicious use of NtCreateUserProcessOtherParentProcess

Description | Indicator | Process | Target
PID 1572 created 3536 | N/A | C:\Users\Admin\AppData\Local\Temp\582933\Inherited.pif | C:\Windows\Explorer.EXE

Process is the caller and Target is the parent it assigned to the new process: Inherited.pif (PID 1572) created PID 3536 but declared Explorer.EXE as its parent, so the child's parent field does not identify the process that actually started it.

Checks computer location settings

Description | Indicator | Process
Key value queried | \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Win Installer x32-x64 bit.exe

Geo\Nation holds the Windows GeoID of the country configured for the user.

Drops startup file

Description | Indicator | Process
File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\scanguard.url | C:\Windows\system32\taskmgr.exe
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScanGuard.url | C:\Windows\SysWOW64\cmd.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScanGuard.url | C:\Windows\SysWOW64\cmd.exe

The file is written by the sample's 32-bit cmd.exe; the taskmgr.exe row is the same file seen again under a lower-cased NT path.
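ScanGuard.url is a .url Internet Shortcut dropped into the per-user Startup folder, so whatever its URL= line names is opened at every logon. The page does not show the file's contents, so the following Python is an added example written for this page, not code from the report or the sandbox: it parses the INI-style .url format, classifies the target, and flags shortcuts that point at a local executable. The SAMPLES dictionary is constructed, and the Temp\582933\Inherited.pif target in it is an assumption about where such a shortcut would point, not something the report states.

```python
"""Audit .url Internet Shortcuts in the Windows Startup folders.

Added example, not part of the sandbox report. A .url file is an INI-style
file whose [InternetShortcut] URL= value Windows opens at logon when the file
sits in a Startup folder. A URL= that names a local file instead of a web
address is a persistence entry. The report does not show ScanGuard.url's
contents; SAMPLES below are constructed, and the Inherited.pif target is an
assumption made for this example.
"""
import configparser
import os
from pathlib import Path, PureWindowsPath

# Extensions the shell runs as code when the shortcut target is opened.
EXEC_EXT = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta", ".lnk"}

# The two Startup folders Windows processes at logon (per-user and all-users).
STARTUP_DIRS = (
    r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup",
    r"%ProgramData%\Microsoft\Windows\Start Menu\Programs\StartUp",
)

SAMPLES = {  # constructed file contents, keyed by file name
    "ScanGuard.url": (
        "[InternetShortcut]\r\n"
        "URL=file:///C:/Users/Admin/AppData/Local/Temp/582933/Inherited.pif\r\n"
        "IconIndex=0\r\n"
    ),
    "Docs.url": "[InternetShortcut]\r\nURL=https://docs.example.org/\r\n",
}


def parse_url_shortcut(text):
    """Return the URL, icon and working directory from a .url file body."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("InternetShortcut"):
        raise ValueError("not an Internet Shortcut: no [InternetShortcut] section")
    sec = cp["InternetShortcut"]
    return {"url": sec.get("URL", "").strip(),
            "icon": sec.get("IconFile", "").strip(),
            "workdir": sec.get("WorkingDirectory", "").strip()}


def classify_target(url):
    """web, local-executable or local-other, based on scheme and extension."""
    low = url.lower()
    if low.startswith(("http://", "https://")):
        return "web"
    if low.startswith("file:"):
        path = low[len("file:"):].lstrip("/").replace("/", "\\")
    else:
        path = low  # bare drive path or UNC path
    return "local-executable" if PureWindowsPath(path).suffix in EXEC_EXT else "local-other"


def audit_startup_entries(files):
    """files: {name: text}. One finding per .url file, with a verdict."""
    findings = []
    for name, text in files.items():
        if not name.lower().endswith(".url"):
            continue
        try:
            info = parse_url_shortcut(text)
        except (ValueError, configparser.Error) as exc:
            findings.append({"file": name, "verdict": "unparseable", "detail": str(exc)})
            continue
        kind = classify_target(info["url"])
        verdict = "suspicious" if kind == "local-executable" else "benign"
        findings.append({"file": name, "url": info["url"], "kind": kind, "verdict": verdict})
    return findings


def scan_startup_folders():
    """Read .url files from the real Startup folders (Windows only); {} elsewhere."""
    found = {}
    for raw in STARTUP_DIRS:
        d = Path(os.path.expandvars(raw))
        if not d.is_dir():
            continue
        for p in d.glob("*.url"):
            found[p.name] = p.read_text(encoding="utf-8", errors="replace")
    return found


if __name__ == "__main__":
    live = scan_startup_folders()
    for finding in audit_startup_entries(live or SAMPLES):
        print(finding)
```

On a Windows host the script audits the real Startup folders; anywhere else it falls back to the constructed samples. A file:// or bare-path target with an executable extension is the condition to alert on; a .url whose target is a web address is what the format is meant for.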

Executes dropped EXE

Process
C:\Users\Admin\Desktop\Win Installer x32-x64 bit.exe
C:\Users\Admin\AppData\Local\Temp\582933\Inherited.pif

Enumerates physical storage devices

Checks SCSI registry key(s)

Description | Indicator | Process | Count
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | 2
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | 2
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | 2

The process reading the disk enumeration keys here is Task Manager, not the dropped sample.

Delays execution with timeout.exe

Tags: evasion

Process
C:\Windows\SysWOW64\timeout.exe

Enumerates processes with tasklist

Process | Count
C:\Windows\SysWOW64\tasklist.exe | 2
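Three of the signatures above describe one process chain: a process created with a declared parent other than its creator (Inherited.pif, PID 1572, creating PID 3536 under Explorer.EXE), tasklist.exe enumeration, and a timeout.exe delay, with the .pif binary running from Temp\582933. The Python below is an added example written for this page, not code from the report or the sandbox, showing how each of those behaviours can be matched from process-creation telemetry. It assumes an event schema with a creator field (the process that really called the create-process API) next to the usual parent PID; the PIDs other than 1572 and 3536, the parent/child links, and the image of PID 3536 are constructed for the example.

```python
"""Process-creation triage: PPID spoofing, odd-extension binaries in %TEMP%,
and the cmd.exe -> tasklist / timeout / .pif loader pattern in this report.

Added example, not part of the sandbox report. The event schema is an
assumption: one dict per process creation with
  pid      - the new process
  ppid     - the parent the child will report (what Sysmon Event ID 1 shows)
  creator  - the process that actually called the create-process API
  image    - full path of the new process
"""
from collections import defaultdict

# Windows runs a PE by its header, not its extension; these are extensions
# the shell also treats as executable, so a renamed PE still runs.
ODD_EXEC_EXT = (".pif", ".scr", ".com")
TEMP_MARKER = "\\appdata\\local\\temp\\"
LOADER_UTILS = {"tasklist.exe", "timeout.exe"}

# Constructed events. Image paths and PIDs 1572/3536 come from the report's
# signature tables; every other PID, the parent/child links and the image of
# PID 3536 (not given in the report; the .pif path is reused as a stand-in)
# are assumptions made for this example.
EVENTS = [
    {"pid": 4100, "ppid": 1, "creator": 1, "image": r"C:\Windows\Explorer.EXE"},
    {"pid": 900, "ppid": 4100, "creator": 4100,
     "image": r"C:\Users\Admin\Desktop\Win Installer x32-x64 bit.exe"},
    {"pid": 910, "ppid": 900, "creator": 900, "image": r"C:\Windows\SysWOW64\cmd.exe"},
    {"pid": 920, "ppid": 910, "creator": 910, "image": r"C:\Windows\SysWOW64\tasklist.exe"},
    {"pid": 930, "ppid": 910, "creator": 910, "image": r"C:\Windows\SysWOW64\timeout.exe"},
    {"pid": 1572, "ppid": 910, "creator": 910,
     "image": r"C:\Users\Admin\AppData\Local\Temp\582933\Inherited.pif"},
    # The report's hit: 1572 creates 3536 but hands it Explorer.EXE as parent.
    {"pid": 3536, "ppid": 4100, "creator": 1572,
     "image": r"C:\Users\Admin\AppData\Local\Temp\582933\Inherited.pif"},
    # Benign control from the report: Chrome's browser process (3240) spawning a child.
    {"pid": 2576, "ppid": 3240, "creator": 3240,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def find_ppid_spoofing(events):
    """(creator, child, declared parent) for every creation whose declared
    parent is not the process that made the call."""
    return [(e["creator"], e["pid"], e["ppid"]) for e in events if e["creator"] != e["ppid"]]


def find_odd_temp_executables(events):
    """PIDs whose image lives under the user's Temp directory with a
    non-.exe executable extension."""
    return [e["pid"] for e in events
            if TEMP_MARKER in e["image"].lower()
            and e["image"].lower().endswith(ODD_EXEC_EXT)]


def children_by_creator(events):
    """Process tree keyed on the real creator, so a spoofed parent cannot hide a link."""
    tree = defaultdict(list)
    for e in events:
        tree[e["creator"]].append(e)
    return tree


def find_loader_chains(events):
    """cmd.exe instances that run both tasklist.exe and timeout.exe and also
    start an odd-extension binary from Temp: the behaviours the report
    attributes to the sample's SysWOW64 cmd.exe, tasklist.exe, timeout.exe
    and Inherited.pif."""
    tree = children_by_creator(events)
    by_pid = {e["pid"]: e for e in events}
    odd = set(find_odd_temp_executables(events))
    hits = []
    for pid, kids in tree.items():
        if pid not in by_pid or basename(by_pid[pid]["image"]) != "cmd.exe":
            continue
        names = {basename(k["image"]) for k in kids}
        if LOADER_UTILS <= names and any(k["pid"] in odd for k in kids):
            hits.append(pid)
    return hits


def triage(events):
    return {
        "ppid_spoofing": find_ppid_spoofing(events),
        "odd_temp_executables": find_odd_temp_executables(events),
        "loader_chains": find_loader_chains(events),
    }


if __name__ == "__main__":
    for name, finding in triage(EVENTS).items():
        print(f"{name}: {finding}")
```

Sysmon Event ID 1 only records the declared parent, so the spoofing check needs the caller from another source: one approach is the ETW Microsoft-Windows-Kernel-Process ProcessStart event, where the event header's ProcessId is the process that made the call while the payload's parent PID is the declared one. The tree is built on the creator for the same reason; keyed on ppid, PID 3536 would appear under Explorer.EXE and the .pif's role would be invisible.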

Enumerates system info in registry

Description | Indicator | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe

The querying process here is chrome.exe, not the dropped sample.

Modifies data under HKEY_USERS

Description | Indicator | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651234757412311" | C:\Program Files\Google\Chrome\Application\chrome.exe

Modifies registry class

Description | Indicator | Process
Key created | \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe

Suspicious behavior: EnumeratesProcesses

Process | Events listed
C:\Program Files\Google\Chrome\Application\chrome.exe | 2
C:\Windows\system32\taskmgr.exe | 41
C:\Users\Admin\AppData\Local\Temp\582933\Inherited.pif | 21

64 events listed; Description, Indicator and Target are N/A for all of them. The only one of these processes that belongs to the sample is Inherited.pif.

Suspicious behavior: GetForegroundWindowSpam

Process
C:\Program Files\7-Zip\7zFM.exe
C:\Windows\system32\taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Process | Events listed
C:\Program Files\Google\Chrome\Application\chrome.exe | 2

Suspicious use of AdjustPrivilegeToken

Process | Token privilege | Count
C:\Program Files\Google\Chrome\Application\chrome.exe | SeShutdownPrivilege | 27
C:\Program Files\Google\Chrome\Application\chrome.exe | SeCreatePagefilePrivilege | 27
C:\Program Files\7-Zip\7zFM.exe | SeRestorePrivilege | 1
C:\Program Files\7-Zip\7zFM.exe | SeSecurityPrivilege | 1
C:\Program Files\7-Zip\7zFM.exe | privilege LUID 35 (not resolved to a name by the sandbox; 35 is SE_CREATE_SYMBOLIC_LINK_PRIVILEGE in winnt.h) | 1
C:\Windows\system32\taskmgr.exe | SeDebugPrivilege | 2
C:\Windows\system32\taskmgr.exe | SeSystemProfilePrivilege | 2
C:\Windows\system32\taskmgr.exe | SeCreateGlobalPrivilege | 2
C:\Windows\system32\taskmgr.exe | privilege LUID 33 (not resolved to a name by the sandbox; 33 is SE_INC_WORKING_SET_PRIVILEGE in winnt.h) | 1

64 events listed, all with Indicator and Target N/A. None of the three processes is the dropped sample.

Suspicious use of FindShellTrayWindow

Process | Events listed
C:\Program Files\Google\Chrome\Application\chrome.exe | 33
C:\Program Files\7-Zip\7zFM.exe | 2
C:\Windows\system32\taskmgr.exe | 29

64 events listed; Description, Indicator and Target are N/A for all of them.

Suspicious use of SendNotifyMessage

Process | Events listed
C:\Program Files\Google\Chrome\Application\chrome.exe | 24
C:\Windows\system32\taskmgr.exe | 40

64 events listed; Description, Indicator and Target are N/A for all of them.

Suspicious use of WriteProcessMemory

Description | Process | Target | Count
PID 3240 wrote to memory of 2576 | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 3240 wrote to memory of 1496 | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 30
PID 3240 wrote to memory of 2872 | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 3240 wrote to memory of 3084 | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 30

64 events listed, all with Indicator N/A. Every write is from Chrome's browser process (PID 3240) into its own child chrome.exe processes, which is how Chrome sets up the children it launches; none involves the dropped sample.

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Talha836902/adbPP_2o24

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff7740cc40,0x7fff7740cc4c,0x7fff7740cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2024,i,10623993798954644882,1573478768994525761,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2020 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1896,i,10623993798954644882,1573478768994525761,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2092 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,10623993798954644882,1573478768994525761,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2304 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,10623993798954644882,1573478768994525761,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,10623993798954644882,1573478768994525761,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4436,i,10623993798954644882,1573478768994525761,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4704 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,10623993798954644882,1573478768994525761,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4988 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Win.Installer.x32-x64.bit.rar"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /1

C:\Users\Admin\Desktop\Win Installer x32-x64 bit.exe

"C:\Users\Admin\Desktop\Win Installer x32-x64 bit.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy Reserve Reserve.cmd & Reserve.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe bdservicehost.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 582933

C:\Windows\SysWOW64\findstr.exe

findstr /V "HydraulicPersonalManualsKnit" Foundations

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Pastor + Fate + Da + Religions + Intel 582933\W

C:\Users\Admin\AppData\Local\Temp\582933\Inherited.pif

582933\Inherited.pif 582933\W

C:\Windows\SysWOW64\timeout.exe

timeout 5

C:\Windows\SysWOW64\cmd.exe

cmd /k echo [InternetShortcut] > "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScanGuard.url" & echo URL="C:\Users\Admin\AppData\Local\ThreatGuard Innovations\ScanGuard.js" >> "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScanGuard.url" & exit

Network

Files

\??\pipe\crashpad_3240_JYMJGAUOBVRDNNBZ

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\Downloads\Win.Installer.x32-x64.bit.rar.crdownload

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\87796ab6-1149-4dad-86cd-af39c804c3b9.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\Reserve

C:\Users\Admin\AppData\Local\Temp\Foundations

C:\Users\Admin\AppData\Local\Temp\Welsh

C:\Users\Admin\AppData\Local\Temp\Many

C:\Users\Admin\AppData\Local\Temp\Prison

C:\Users\Admin\AppData\Local\Temp\Dreams

C:\Users\Admin\AppData\Local\Temp\Singer

C:\Users\Admin\AppData\Local\Temp\Attribute

C:\Users\Admin\AppData\Local\Temp\Game

C:\Users\Admin\AppData\Local\Temp\Rl

C:\Users\Admin\AppData\Local\Temp\Apart

C:\Users\Admin\AppData\Local\Temp\Juvenile

C:\Users\Admin\AppData\Local\Temp\Organic

C:\Users\Admin\AppData\Local\Temp\Understand

C:\Users\Admin\AppData\Local\Temp\Parameters

C:\Users\Admin\AppData\Local\Temp\T

C:\Users\Admin\AppData\Local\Temp\Plumbing

C:\Users\Admin\AppData\Local\Temp\Mothers

C:\Users\Admin\AppData\Local\Temp\Remain

C:\Users\Admin\AppData\Local\Temp\Dialog

C:\Users\Admin\AppData\Local\Temp\Man

C:\Users\Admin\AppData\Local\Temp\Alpha

C:\Users\Admin\AppData\Local\Temp\Speeches

C:\Users\Admin\AppData\Local\Temp\Radio

C:\Users\Admin\AppData\Local\Temp\Wa

C:\Users\Admin\AppData\Local\Temp\Row

C:\Users\Admin\AppData\Local\Temp\Jan

C:\Users\Admin\AppData\Local\Temp\Gas

C:\Users\Admin\AppData\Local\Temp\Tie

C:\Users\Admin\AppData\Local\Temp\Civil

C:\Users\Admin\AppData\Local\Temp\Character

C:\Users\Admin\AppData\Local\Temp\Declared

C:\Users\Admin\AppData\Local\Temp\Nancy

C:\Users\Admin\AppData\Local\Temp\Tied

C:\Users\Admin\AppData\Local\Temp\Pastor

C:\Users\Admin\AppData\Local\Temp\Fate

C:\Users\Admin\AppData\Local\Temp\Da

C:\Users\Admin\AppData\Local\Temp\Intel

C:\Users\Admin\AppData\Local\Temp\Religions

C:\Users\Admin\AppData\Local\Temp\582933\Inherited.pif

C:\Users\Admin\AppData\Local\Temp\582933\W

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScanGuard.url
