Malware Analysis Report

2024-10-16 05:09

Sample ID 240805-18s36azgnj
Target AA_v3.exe
SHA256 ee573647477339784dcef81024de1be1762833a20e5cc2b89a93e47d05b86b6a
Tags
ammyyadmin flawedammyy bootkit discovery persistence trojan
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
10/10

SHA256

ee573647477339784dcef81024de1be1762833a20e5cc2b89a93e47d05b86b6a

Threat Level: Known bad

The file AA_v3.exe was found to be: Known bad.

Malicious Activity Summary

ammyyadmin flawedammyy bootkit discovery persistence trojan

FlawedAmmyy RAT

Ammyyadmin family

AmmyyAdmin payload

Blocklisted process makes network request

Modifies RDP port number used by Windows

Checks computer location settings

Loads dropped DLL

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Opens file in notepad (likely ransom note)

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-05 22:19

Signatures

AmmyyAdmin payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Ammyyadmin family

ammyyadmin

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-05 22:19

Reported

2024-08-05 22:22

Platform

win7-20240705-en

Max time kernel

121s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AA_v3.exe"

Signatures

FlawedAmmyy RAT

trojan flawedammyy

Writes to the Master Boot Record (MBR)

bootkit persistence
Description | Indicator | Process | Target
File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A

Note: the evidence behind this signature is a handle to the raw disk device opened with write access. The report records no sector contents, so confirming that the MBR was actually changed requires a before/after comparison of sector 0 of the disk image.

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A (×3)

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\AA_v3.exe
  "C:\Users\Admin\AppData\Local\Temp\AA_v3.exe"
C:\Users\Admin\AppData\Local\Temp\AA_v3.exe
  "C:\Users\Admin\AppData\Local\Temp\AA_v3.exe" -service -lunch
C:\Users\Admin\AppData\Local\Temp\AA_v3.exe
  "C:\Users\Admin\AppData\Local\Temp\AA_v3.exe"

Note: "-service -lunch" is the argument string as the Ammyy Admin binary itself spells it when it relaunches in service mode; it is not a transcription error, and the misspelling makes it a usable command-line search term.

Network

N/A

Files

C:\ProgramData\AMMYY\settings3.bin

MD5 fe3021c5560ff0203b1d54c4fa226eeb
SHA1 190584443a13231eb29358a8f7a04649c4c2eefb
SHA256 37360750e27923b82d00a9af6aa0d12c4069d7005e13debab28de2210335a252
SHA512 6ea71f53818a3a69668b4af2bde7b94dae9d806acc57ed7bb9df67442374dd8468af614d5f246af045b68a2630c1391985737478d945238fcdd78f5b53f4df0f

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-05 22:19

Reported

2024-08-05 22:26

Platform

win10v2004-20240802-en

Max time kernel

390s

Max time network

384s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AA_v3.exe"

Signatures

FlawedAmmyy RAT

trojan flawedammyy

Blocklisted process makes network request

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SYSTEM32\rundll32.exe | N/A (×2)

Modifies RDP port number used by Windows

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A (×2)

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SYSTEM32\rundll32.exe | N/A (×2)

Writes to the Master Boot Record (MBR)

bootkit persistence
Description | Indicator | Process | Target
File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A (×3)

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A82946818BB0433A7DC1AFD2189B16AF | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A82946818BB0433A7DC1AFD2189B16AF | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Note: the systemprofile paths show the AA_v3.exe instance running under the SYSTEM account profile (consistent with the -service relaunch), and CryptnetUrlCache is CryptoAPI's on-disk cache for certificate and revocation data fetched over the network. The two display.PNF rows are attributed to chrome.exe, not to the sample.

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A (×6)

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673700721020252" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Ammyy\Admin\hr3 = 5c2125debba81d4ad005834c0054bf3a3e24d6463b8378ff231edff9c7abdc9d214c2356c593d3f3e3388b941c59b20744866cd9eab8afa0605147402aab4143381af76ce7a31a2c16bd5d | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Ammyy\Admin | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Ammyy\Admin | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Ammyy | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A

Note: the .DEFAULT hive is the SYSTEM account's user hive, so the Software\Ammyy\Admin keys and the ZoneMap changes were written by the service-mode instance. The two S-1-5-19 (LOCAL SERVICE) TPM telemetry rows are chrome.exe activity.

Opens file in notepad (likely ransom note)

ransomware
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A

Note: this is a generic heuristic triggered by a NOTEPAD.EXE launch. No ransom-note file appears in the Files section of this report and the family classification on this page is FlawedAmmyy (a RAT), so the ransomware tag is not corroborated by anything else in the report.

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SYSTEM32\rundll32.exe | N/A (×58)
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (×6)

(identical rows collapsed; the count is the number of hits recorded in the original table)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (×3)

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Windows\SYSTEM32\rundll32.exe | N/A (×1)
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (×32)
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (×31)

(identical rows collapsed; the only privilege adjustment attributable to the sample's process tree is SeLockMemoryPrivilege in the rundll32.exe host)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A (×3)
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (×26)

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | N/A (×3)
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (×24)

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3428 wrote to memory of 4832 | N/A | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe (×3)
PID 4832 wrote to memory of 3484 | N/A | C:\Users\Admin\AppData\Local\Temp\AA_v3.exe | C:\Windows\SYSTEM32\rundll32.exe (×2)
PID 2908 wrote to memory of 1412 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (×2)
PID 2908 wrote to memory of 464 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (×30)
PID 2908 wrote to memory of 2888 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (×2)
PID 2908 wrote to memory of 532 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (×25)

(identical rows collapsed; the sample's chain is 3428 -> 4832, both AA_v3.exe, -> 3484 rundll32.exe, while all chrome.exe writes are into its own child processes)

Processes

C:\Users\Admin\AppData\Local\Temp\AA_v3.exe

"C:\Users\Admin\AppData\Local\Temp\AA_v3.exe"

C:\Users\Admin\AppData\Local\Temp\AA_v3.exe

"C:\Users\Admin\AppData\Local\Temp\AA_v3.exe" -service -lunch

C:\Users\Admin\AppData\Local\Temp\AA_v3.exe

"C:\Users\Admin\AppData\Local\Temp\AA_v3.exe"

C:\Windows\SYSTEM32\rundll32.exe

rundll32.exe "C:\ProgramData\AMMYY\aa_nts.dll",run

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff3753cc40,0x7fff3753cc4c,0x7fff3753cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,12065259662948401693,2582193193030359234,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1800 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2008,i,12065259662948401693,2582193193030359234,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2052 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2108,i,12065259662948401693,2582193193030359234,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2120 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,12065259662948401693,2582193193030359234,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,12065259662948401693,2582193193030359234,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3716,i,12065259662948401693,2582193193030359234,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4552 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4728,i,12065259662948401693,2582193193030359234,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4900 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,12065259662948401693,2582193193030359234,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4900 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3584,i,12065259662948401693,2582193193030359234,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\AA_v3.exe

"C:\Users\Admin\AppData\Local\Temp\AA_v3.exe"

C:\Users\Admin\AppData\Local\Temp\AA_v3.exe

"C:\Users\Admin\AppData\Local\Temp\AA_v3.exe" -service -lunch

C:\Users\Admin\AppData\Local\Temp\AA_v3.exe

"C:\Users\Admin\AppData\Local\Temp\AA_v3.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\AA_v3.log

C:\Windows\SYSTEM32\rundll32.exe

rundll32.exe "C:\ProgramData\AMMYY\aa_nts.dll",run

Network


Files
