Malware Analysis Report

2024-11-30 05:28

Sample ID 240711-nbm5estfmn
Target https://github.com/HossamGouda/premiere
Tags: lumma stealer
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://github.com/HossamGouda/premiere was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Suspicious use of NtCreateUserProcessOtherParentProcess

Lumma Stealer

Executes dropped EXE

Drops startup file

Checks computer location settings

Enumerates physical storage devices

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Enumerates processes with tasklist

Delays execution with timeout.exe

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-11 11:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-11 11:13

Reported

2024-07-11 11:15

Platform

win10v2004-20240709-en

Max time kernel

94s

Max time network

92s

Command Line

C:\Windows\Explorer.EXE

Signatures

Lumma Stealer

Tags: stealer, lumma

Suspicious use of NtCreateUserProcessOtherParentProcess

Description | Indicator | Process | Target
PID 4080 created 3428 | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | C:\Windows\Explorer.EXE

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Adobe Software\Setup.exe | N/A

Drops startup file

Description | Indicator | Process | Target
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenPulse.url | C:\Windows\SysWOW64\cmd.exe | N/A
File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\zenpulse.url | C:\Windows\system32\taskmgr.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenPulse.url | C:\Windows\SysWOW64\cmd.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Desktop\Adobe Software\Setup.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A

Delays execution with timeout.exe

Tags: evasion

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A

Enumerates processes with tasklist

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651700240113958" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 4460 wrote to memory of 2704 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2704 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 3364 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 3364 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2500 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/HossamGouda/premiere

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb290ecc40,0x7ffb290ecc4c,0x7ffb290ecc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,2023661922658759711,3074512730189278097,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2000 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1808,i,2023661922658759711,3074512730189278097,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2112 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,2023661922658759711,3074512730189278097,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2288 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,2023661922658759711,3074512730189278097,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3120 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,2023661922658759711,3074512730189278097,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4584,i,2023661922658759711,3074512730189278097,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4632 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4888,i,2023661922658759711,3074512730189278097,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5088 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Adobe.Software.zip"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /1

C:\Users\Admin\Desktop\Adobe Software\Setup.exe

"C:\Users\Admin\Desktop\Adobe Software\Setup.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy Branches Branches.cmd & Branches.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe bdservicehost.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 492839

C:\Windows\SysWOW64\findstr.exe

findstr /V "HostOwnerInteractLibrarian" Success

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Recorded + Illegal + Debut + Assigned 492839\Y

C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif

492839\Loop.pif 492839\Y

C:\Windows\SysWOW64\timeout.exe

timeout 5

C:\Windows\SysWOW64\cmd.exe

cmd /k echo [InternetShortcut] > "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenPulse.url" & echo URL="C:\Users\Admin\AppData\Local\MindWave Technologies LLC\ZenPulse.js" >> "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenPulse.url" & exit

Network

Files
