Malware Analysis Report

2024-10-19 06:26

Sample ID 240915-2gqdmawbja
Target eeeeeeeeeeeeee.zip
SHA256 734403a96fad68cb2ef2b340adddd9cadd5894007aac703dcdb4a4cb8326c538
Tags
discovery evasion persistence privilege_escalation ransomware
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

734403a96fad68cb2ef2b340adddd9cadd5894007aac703dcdb4a4cb8326c538

Threat Level: Likely malicious

The file eeeeeeeeeeeeee.zip was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence privilege_escalation ransomware

Downloads MZ/PE file

Disables Task Manager via registry modification

Loads dropped DLL

Modifies system executable filetype association

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Enumerates connected drives

Checks installed software on the system

Sets desktop wallpaper using registry

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Unsigned PE

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Uses Volume Shadow Copy service COM API

Suspicious use of FindShellTrayWindow

Kills process with taskkill

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy WMI provider

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-15 22:33

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-09-15 22:33

Reported

2024-09-15 22:42

Platform

win7-20240903-en

Max time kernel

434s

Max time network

442s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\zip bomb.zip"

Signatures

Disables Task Manager via registry modification

evasion

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
N/A N/A C:\Program Files\WinRAR\uninstall.exe N/A
N/A N/A C:\Program Files\WinRAR\WinRAR.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
N/A N/A C:\Program Files\WinRAR\uninstall.exe N/A
N/A N/A C:\Program Files\WinRAR\uninstall.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32 C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR C:\Program Files\WinRAR\uninstall.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Control Panel\Desktop\Wallpaper C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WinRAR\Uninstall.exe C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\UnRAR.exe C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\ReadMe.txt C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\License.txt C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\Uninstall.lst C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\RarExt.dll C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExt32.dll C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\Default.SFX C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\WinCon32.SFX C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_259754612 C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\ReadMe.txt C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtInstaller.exe C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\Order.htm C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\Default32.SFX C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\Rar.txt C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\Uninstall.lst C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\WinCon.SFX C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\Zip32.SFX C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\7zxa.dll C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\WinCon.SFX C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\Rar.txt C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\7zxa.dll C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\WinRAR.exe C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\RarExtPackage.msix C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\Resources.pri C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\WinCon32.SFX C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\zipnew.dat C:\Program Files\WinRAR\uninstall.exe N/A
File opened for modification C:\Program Files\WinRAR\Rar.exe C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\Uninstall.exe C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\WinRAR.exe C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtPackage.msix C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\Default32.SFX C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\Descript.ion C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\License.txt C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\WhatsNew.txt C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\RarExtInstaller.exe C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\WinRAR.chm C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\WinRAR.chm C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\Descript.ion C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\Default.SFX C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\Zip.SFX C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\rarnew.dat C:\Program Files\WinRAR\uninstall.exe N/A
File created C:\Program Files\WinRAR\Order.htm C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\Zip.SFX C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\Rar.exe C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\RarExt32.dll C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\Zip32.SFX C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\UnRAR.exe C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExt.dll C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\Resources.pri C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File created C:\Program Files\WinRAR\RarFiles.lst C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\RarFiles.lst C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
File opened for modification C:\Program Files\WinRAR\WhatsNew.txt C:\Users\Admin\Downloads\winrar-x64-701.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\shutdown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Downloads\winrar-x64-701.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.lz\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.tar\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.bz C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.zipx\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR32 C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.cab C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.tbz2\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.zst C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ShellNew C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.arj C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.xxe C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico" C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR32 C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.tlz\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32 C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.lz C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.uu C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.bz\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command\ = "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"%1\"" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext32.dll" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xxe\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tbz2 C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.z C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.zipx C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon\ = "C:\\Program Files\\WinRAR\\WinRAR.exe,1" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.001 C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.tbz\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ShellNew\FileName = "C:\\Program Files\\WinRAR\\rarnew.dat" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tlz C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.lzh C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.taz C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (this row is repeated 64 times)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (this row is repeated 48 times)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2104 wrote to memory of 376 (3 identical rows) N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2716 (39 identical rows) N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2776 (3 identical rows) N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2676 (19 identical rows) N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

All 64 writes come from the Chrome browser process (PID 2104) into its own newly launched chrome.exe children (the GPU, utility and renderer processes listed under Processes). This is Chrome's normal child-process startup, not code injection into a foreign process, and it should not count toward the sample's score.

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Note: the process list below contains no vssadmin.exe or "wmic shadowcopy" invocation. The two shadow-copy signatures record use of the VSS COM API and WMI provider, not a confirmed deletion of shadow copies.

Processes

Only the last group of entries is the sample's own activity: the executable run from the extracted Malware_pack_2\000 directory, cmd.exe running windl.bat from the user's Temp directory, two forced taskkill calls against explorer.exe and taskmgr.exe, two WMIC changes to the Admin account and an immediate forced reboot. The Explorer, Chrome and WinRAR processes before it are the analyst's interaction with the sandbox (opening the archive, downloading and installing WinRAR, extracting "zip bomb.zip").

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\zip bomb.zip"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef4ff9758,0x7fef4ff9768,0x7fef4ff9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1208,i,13461715134904040659,4511545543976257254,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1208,i,13461715134904040659,4511545543976257254,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1208,i,13461715134904040659,4511545543976257254,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1208,i,13461715134904040659,4511545543976257254,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2284 --field-trial-handle=1208,i,13461715134904040659,4511545543976257254,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1456 --field-trial-handle=1208,i,13461715134904040659,4511545543976257254,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3232 --field-trial-handle=1208,i,13461715134904040659,4511545543976257254,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3836 --field-trial-handle=1208,i,13461715134904040659,4511545543976257254,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1072 --field-trial-handle=1208,i,13461715134904040659,4511545543976257254,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3396 --field-trial-handle=1208,i,13461715134904040659,4511545543976257254,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2668 --field-trial-handle=1208,i,13461715134904040659,4511545543976257254,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3956 --field-trial-handle=1208,i,13461715134904040659,4511545543976257254,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 --field-trial-handle=1208,i,13461715134904040659,4511545543976257254,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 --field-trial-handle=1208,i,13461715134904040659,4511545543976257254,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2272 --field-trial-handle=1208,i,13461715134904040659,4511545543976257254,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3880 --field-trial-handle=1208,i,13461715134904040659,4511545543976257254,131072 /prefetch:8

C:\Users\Admin\Downloads\winrar-x64-701.exe

"C:\Users\Admin\Downloads\winrar-x64-701.exe"

C:\Program Files\WinRAR\uninstall.exe

"C:\Program Files\WinRAR\uninstall.exe" /setup

C:\Program Files\WinRAR\WinRAR.exe

"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ver -imon1 -- "C:\Users\Admin\Desktop\zip bomb.zip" "C:\Users\Admin\Desktop\zip bomb\"

C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected]

"C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected]"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic useraccount where name='Admin' set FullName='UR NEXT'

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic useraccount where name='Admin' rename 'UR NEXT'

C:\Windows\SysWOW64\shutdown.exe

shutdown /f /r /t 0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x1
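
The destructive chain above (batch file from Temp, taskkill of the shell and Task Manager, WMIC account rename, forced reboot) is simple enough to detect from command lines alone. The following is an added example, not sandbox output or the sample's code: a few regex rules run over the process list, with the "image path|command line" input format, the rule set and the verdict logic all being this example's own constructions.

```python
"""Rule-based triage of the process command lines in this report.

Added example, not part of the sandbox output: the rules and the verdict
logic are this example's own, written to flag the windl.bat chain
(taskkill of explorer/taskmgr, WMIC account rename, forced reboot).
"""
import re

# Constructed sample, copied from the Processes list as "image path|command
# line".  Chrome, WinRAR and LogonUI entries are kept so the rules can be
# checked against benign lines as well.
SAMPLE_PROCESSES = [
    r'C:\Program Files\Google\Chrome\Application\chrome.exe|"C:\Program Files\Google\Chrome\Application\chrome.exe"',
    r'C:\Program Files\WinRAR\WinRAR.exe|"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ver -imon1 -- "C:\Users\Admin\Desktop\zip bomb.zip" "C:\Users\Admin\Desktop\zip bomb\"',
    r'C:\Windows\SysWOW64\cmd.exe|cmd /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""',
    r'C:\Windows\SysWOW64\taskkill.exe|taskkill /f /im explorer.exe',
    r'C:\Windows\SysWOW64\taskkill.exe|taskkill /f /im taskmgr.exe',
    r"C:\Windows\SysWOW64\Wbem\WMIC.exe|wmic useraccount where name='Admin' set FullName='UR NEXT'",
    r"C:\Windows\SysWOW64\Wbem\WMIC.exe|wmic useraccount where name='Admin' rename 'UR NEXT'",
    r'C:\Windows\SysWOW64\shutdown.exe|shutdown /f /r /t 0',
    r'C:\Windows\system32\LogonUI.exe|"LogonUI.exe" /flags:0x0',
]

# (rule name, regex over the command line, human-readable description).
# The regexes are matched case-insensitively because Windows command lines
# are case-insensitive.
RULES = [
    ("batch_from_temp",
     r'^cmd(?:\.exe)?\s+/c\s.*\\appdata\\local\\temp\\[^"\s]+\.(?:bat|cmd)\b',
     "cmd.exe runs a batch file from the user's Temp directory"),
    ("kill_shell_or_taskmgr",
     r'^taskkill(?:\.exe)?\s.*?/f\b.*?/im\s+(?:explorer|taskmgr)\.exe\b',
     "taskkill force-terminates the shell or Task Manager"),
    ("wmic_account_tamper",
     r'^wmic(?:\.exe)?\s+useraccount\b.*\b(?:rename|set\s+fullname)\b',
     "WMIC renames or relabels a local user account"),
    ("forced_reboot",
     r'^shutdown(?:\.exe)?\s.*?/f\b.*?/[rs]\b.*?/t\s+0\b',
     "shutdown.exe forces an immediate reboot or power-off"),
]
COMPILED = [(name, re.compile(pat, re.IGNORECASE), desc) for name, pat, desc in RULES]


def triage(processes):
    """Return [(image basename, rule name, description)] for every rule hit.

    Each entry is "image path|command line"; only the command line is
    matched, the image name is carried along for the report.
    """
    findings = []
    for entry in processes:
        image, _, cmdline = entry.partition("|")
        basename = image.rsplit("\\", 1)[-1].lower()
        for name, pattern, description in COMPILED:
            if pattern.search(cmdline):
                findings.append((basename, name, description))
    return findings


def verdict(findings):
    """Summarise rule hits.  Killing the shell/Task Manager and then forcing
    a reboot is treated as destructive; any other hit is only suspicious."""
    hit = {name for _, name, _ in findings}
    if {"kill_shell_or_taskmgr", "forced_reboot"} <= hit:
        return "destructive: shell killed and machine force-rebooted"
    if hit:
        return "suspicious: " + ", ".join(sorted(hit))
    return "no rule hit"


if __name__ == "__main__":
    hits = triage(SAMPLE_PROCESSES)
    for basename, name, description in hits:
        print(f"{basename:<14} {name:<22} {description}")
    print(verdict(hits))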

Network

Every destination in this table is either 8.8.8.8 DNS, a Google service contacted by Chrome in the background (www.google.com, content-autofill.googleapis.com, play.google.com, consent.google.com, beacons.gcp.gvt2.com) or www.win-rar.com, where the WinRAR installer was downloaded from. The 224.0.0.251:5353 entry is local mDNS. Nothing here points to command-and-control traffic from windl.bat, rniw.exe or the other dropped files.

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.206:443 play.google.com tcp
US 8.8.8.8:53 consent.google.com udp
GB 216.58.201.110:443 consent.google.com tcp
US 8.8.8.8:53 www.win-rar.com udp
DE 51.195.68.163:443 www.win-rar.com tcp
DE 51.195.68.163:443 www.win-rar.com tcp
DE 51.195.68.163:443 www.win-rar.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp

Files

\??\pipe\crashpad_2104_JZVKBXHMHXIFDVGC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 08ec57068db9971e917b9046f90d0e49
SHA1 28b80d73a861f88735d89e301fa98f2ae502e94b
SHA256 7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1
SHA512 b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5886dc5d5bc73c0698b03bfac1729499
SHA1 b790b749dc758aad306f92482911dc42c5c548c8
SHA256 5e53ebe6ca934840c4ee9b21931619fe4a76c5bf927de4e6d200de23b06ea715
SHA512 20ae53c097cbeeb7942bc2bf0b7e630438ca9e57feea5ae90e8f5c0d6be9390e7203474c9b16a740d4be4cf986d11c67eb1243d742756399c05302dbab651e90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c696309c8f26a911b43455e5a7801a29
SHA1 a40872be3ff0308377d046d1c0301c25d4c617da
SHA256 931d61a0e112a0173aa536b1f7ebfbe7a8c7107cf5bfcafdbd266c233060d6a6
SHA512 162f4eaa3c3de9523942c0f5e9d142af4eee95d2638dfead0907cc07fd5595089f66018c70ed8f68c12f4d3bdbeff908948c39a5444e169eab699acaeda51909

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0a78d4aee9ad05501138180b136ea5c9
SHA1 78989e0975056232e94037693d99cea78c5e7e54
SHA256 5bd4c6690a79635a0b372061d0677ad5951ed03915af10d9df8dfb2925341749
SHA512 61fb38d1386089a06aa5a43a4005e2d9b74f87fdc9bb8606688280eafc3bd8e216fd72e258b7ed3f95db85c22a1bfff38f7ad51d8fde5391522a85a98901ff6a

\Users\Admin\Downloads\winrar-x64-701.exe

MD5 46c17c999744470b689331f41eab7df1
SHA1 b8a63127df6a87d333061c622220d6d70ed80f7c
SHA256 c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a
SHA512 4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 75d51f2d01042c4796b4433b63e9aeca
SHA1 29a0047e746cd59c7cad4af67782b90fb503d4a5
SHA256 8db5cb37e51cce2edcba02bd37e4e790f6b05e1f637a38321cf78a49f035d5f0
SHA512 e07cc747869998974c4fba135e2c7b9e2d49176663f26e39fb5d0032d345b7cee5eedb369a9f911d66db8bd7ca282a5e4bf2758c0f1065bef1494575034666d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6c96877513827979174af1c8da567768
SHA1 7ced8ea201e78f4c17d8fb8ab77995b1a3736f05
SHA256 6cb25ef4719f3a936e18cd5849721eb9285f3f573dd6879658dd79e075ffb42d
SHA512 2302b83e05bdf807a905c55a2a187f04cbe7cab372ac6aaa3d0a40d9ae75aa9941e035be15c25ed0fad6b6f5a225d4ac963ce37dbba98ac608cd4a968687646c

C:\Program Files\WinRAR\Uninstall.exe

MD5 4783f1a5f0bba7a6a40cb74bc8c41217
SHA1 a22b9dc8074296841a5a78ea41f0e2270f7b7ad7
SHA256 f376aaa0d4444d0727db5598e8377f9f1606400adbbb4772d39d1e4937d5f28c
SHA512 463dff17f06eca41ae76e3c0b2efc4ef36529aa2eaed5163eec0a912fe7802c9fb38c37acfe94b82972861aaf1acf02823a5948fbb3292bb4743641acb99841e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\36bdc347-7952-43be-87de-d4fc1da1530a.tmp

MD5 966b2a665143abb459bc0d477bd81b56
SHA1 288227a63e2eaa1c59d0b9ba5a6d4fefa82c86e4
SHA256 26e41a12fef2c28635e43ec1a74c6748d88769d07e0ddb774bcb336851798b44
SHA512 2058d3fb9fa694732c2410419ccc317b8e254ec9535b24ad74e65dfbb313a0b11250d72e10de954e82e4c6d4948e154e6ed601ee873d06ee107d1da8d5ed3fb9

C:\Program Files\WinRAR\WhatsNew.txt

MD5 1c44c85fdab8e9c663405cd8e4c3dbbd
SHA1 74d44e9cb2bf6f4c152aadb61b2ffc6b6ccd1c88
SHA256 33108dd40b4e07d60e96e1bcfa4ad877eb4906de2cc55844e40360e5d4dafb5d
SHA512 46d3fb4f2d084d51b6fd01845823100abc81913ebd1b0bcfeb52ef18e8222199d282aa45cae452f0716e0e2bf5520f7a6a254363d22b65f7ab6c10f11292ee2d

\Program Files\WinRAR\WinRAR.exe

MD5 53cf9bacc49c034e9e947d75ffab9224
SHA1 7db940c68d5d351e4948f26425cd9aee09b49b3f
SHA256 3b214fd9774c6d96332e50a501c5e467671b8b504070bbb17e497083b7e282c3
SHA512 44c9154b1fdbcf27ab7faee6be5b563a18b2baead3e68b3ea788c6c76cf582f52f3f87bd447a4f6e25ec7d4690761332211659d754fb4e0630c22a372e470bda

C:\Program Files\WinRAR\Rar.txt

MD5 b954981a253f5e1ee25585037a0c5fee
SHA1 96566e5c591df1c740519371ee6953ac1dc6a13f
SHA256 59e40b34b09be2654b793576035639c459ad6e962f9f9cd000d556fa21b1c7cd
SHA512 6a7772c6b404cd7fee50110b894ff0c470e5813264e605852b8dcc06bfaeb62b8cc79adcb695b3da149e42d5372a0d730cc7e8ed893c0bd0edb015fc088b7531

C:\Program Files\WinRAR\WinRAR.chm

MD5 6ca1bc8bfe8b929f448e1742dacb8e7f
SHA1 eca3e637db230fa179dcd6c6499bd7d616f211e8
SHA256 997184b6f08d36dedc2cd12ee8dc5afb5e6e4bf77f7ab10f7ade9eefdb163344
SHA512 d823f2c960a4d92129b9bda0f4f9195d32e64b929082b5efb9149546b5053021255d1dd03cb443f0a03106314554f76b94173e280a553a81e4ac2ac282877973

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8bdf652853525556b89d51a8350ed2b9
SHA1 5a5a4f323d5d40610b93d4cf05ce9daf60010a41
SHA256 4507f1c241715d51dadb51a495a8284c88a4523871dca1496213ce3843e913be
SHA512 81658df3d1b2f16c295348ce47c8ed473e70ca14fd32cba42b068c12f9f10e4f5955e3079bb60803a5d78ff04447b512adf8791f03969b343c3a8c56e937f2aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\40c52347-878e-4a10-89b2-3893058e64a4.tmp

MD5 f556eaf02a91a1af0ae1dbed52947d60
SHA1 b7fc4465e29310dc51e0570ddf65247a6f7a004e
SHA256 452efbc694141898429ea18eaffb6abcfe43c9eb09ac2e3c1fca8b9f6eebf26d
SHA512 54f9472bb1b0e3c6a60627dc0bd5de855d823014d6e25cc67f24e2d881616414f9421c32e8252ab2efb5c87c0db36ca8ae73afd9f3179582139e369191f2bde3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f58badeb85019035c4339cb8083501cc
SHA1 ad1243e3c88d1f23fd1c891e3d0bccacfd043be3
SHA256 9da51dbbe8630ae2285dc86a561bdf05478707167b4e181ef0309eadf1f856bd
SHA512 ac11ea774e82a373972d6ef3ea4a7fe24d8e630077cb320c8d1c98c98c1fb64394a8969d131c0d0773f38c0fad10252c5f22c0262b7ba5fb668b8bd95118d173

\Program Files\WinRAR\RarExt.dll

MD5 1e86c3bfcc0688bdbe629ed007b184b0
SHA1 793fada637d0d462e3511af3ffaec26c33248fac
SHA256 7b08daee81a32f72dbc10c5163b4d10eb48da8bb7920e9253be296774029f4ef
SHA512 4f8ae58bbf55acb13600217ed0eef09fa5f124682cedd2bfc489d83d921f609b66b0294d8450acb1a85d838adb0e8394dadf5282817dba576571e730704f43ac

memory/2576-425-0x00000000009A0000-0x000000000104E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\windl.bat

MD5 a9401e260d9856d1134692759d636e92
SHA1 4141d3c60173741e14f36dfe41588bb2716d2867
SHA256 b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7
SHA512 5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6

memory/2576-439-0x0000000000850000-0x000000000085A000-memory.dmp

memory/2576-438-0x0000000000850000-0x000000000085A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rniw.exe

MD5 9232120b6ff11d48a90069b25aa30abc
SHA1 97bb45f4076083fca037eee15d001fd284e53e47
SHA256 70faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be
SHA512 b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877

C:\Users\Admin\AppData\Local\Temp\v.mp4

MD5 d2774b188ab5dde3e2df5033a676a0b4
SHA1 6e8f668cba211f1c3303e4947676f2fc9e4a1bcc
SHA256 95374cf300097872a546d89306374e7cf2676f7a8b4c70274245d2dccfc79443
SHA512 3047a831ed9c8690b00763061807e98e15e9534ebc9499e3e5abb938199f9716c0e24a83a13291a8fd5b91a6598aeeef377d6793f6461fc0247ec4bbd901a131

memory/2576-449-0x00000000025E0000-0x00000000025EA000-memory.dmp

memory/2576-448-0x00000000025E0000-0x00000000025EA000-memory.dmp

memory/2576-450-0x00000000025E0000-0x00000000025EA000-memory.dmp

memory/2576-452-0x0000000000850000-0x000000000085A000-memory.dmp

memory/2576-451-0x0000000000850000-0x000000000085A000-memory.dmp

C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt

MD5 9037ebf0a18a1c17537832bc73739109
SHA1 1d951dedfa4c172a1aa1aae096cfb576c1fb1d60
SHA256 38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48
SHA512 4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

C:\Users\Admin\AppData\Local\Temp\one.rtf

MD5 6fbd6ce25307749d6e0a66ebbc0264e7
SHA1 faee71e2eac4c03b96aabecde91336a6510fff60
SHA256 e152b106733d9263d3cf175f0b6197880d70acb753f8bde8035a3e4865b31690
SHA512 35a0d6d91178ec10619cf4d2fd44d3e57aa0266e1779e15b1eef6e9c359c77c384e0ffe4edb2cde980a6847e53f47733e6eacb72d46762066b3541dee3d29064

memory/2576-1259-0x0000000002660000-0x000000000266A000-memory.dmp

memory/2576-1258-0x0000000002670000-0x0000000002675000-memory.dmp
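The entries above mix three kinds of artifact: files the sandbox saw created or modified (each with MD5/SHA1/SHA256/SHA512), memory dumps of process 2576 (no hashes, and the same region dumped more than once), and a ransom note on the Desktop. To use them for hunting they need to be turned into structured IOCs. The following parser is an added example written for this page, not the sandbox vendor's own tooling; the sample input is a constructed excerpt of the entries listed above (some entries carry only a subset of their hashes to keep the sample short), and the "executable dropped under the user's Temp directory" triage rule is a heuristic assumption, not something the report itself asserts.

```python
"""Parse a sandbox 'Files' listing (path line followed by hash lines, memory
dumps as memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp) into IOC records."""
import ntpath
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
MEM_LINE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
# Heuristic (assumption): extensions that mean "code" when dropped in Temp.
EXEC_EXT = {".exe", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".scr"}

# Constructed sample: a subset of the entries on this page, same layout.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\windl.bat

MD5 a9401e260d9856d1134692759d636e92
SHA1 4141d3c60173741e14f36dfe41588bb2716d2867
SHA256 b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7
SHA512 5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6

memory/2576-439-0x0000000000850000-0x000000000085A000-memory.dmp

memory/2576-438-0x0000000000850000-0x000000000085A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rniw.exe

MD5 9232120b6ff11d48a90069b25aa30abc
SHA1 97bb45f4076083fca037eee15d001fd284e53e47
SHA256 70faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be
SHA512 b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877

\Program Files\WinRAR\WinRAR.exe

MD5 53cf9bacc49c034e9e947d75ffab9224
SHA256 3b214fd9774c6d96332e50a501c5e467671b8b504070bbb17e497083b7e282c3

C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt

MD5 9037ebf0a18a1c17537832bc73739109
SHA256 38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48
"""


@dataclass
class FileRecord:
    path: str
    hashes: Dict[str, str] = field(default_factory=dict)
    pid: Optional[int] = None                      # memory dumps only
    region: Optional[Tuple[int, int]] = None       # (start, end), dumps only

    @property
    def is_memory_dump(self) -> bool:
        return self.pid is not None


def parse_files_section(text: str) -> List[FileRecord]:
    """Walk the listing line by line; a hash line attaches to the most recent
    path, any other non-empty line opens a new record. Digest lengths are
    validated so a truncated copy-paste is caught instead of silently kept."""
    records: List[FileRecord] = []
    current: Optional[FileRecord] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m:
            if current is None or current.is_memory_dump:
                raise ValueError(f"hash line without a file path: {line}")
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"{algo} digest has wrong length for {current.path}")
            current.hashes[algo] = digest
            continue
        m = MEM_LINE.match(line)
        if m:
            current = FileRecord(path=line, pid=int(m.group(1)),
                                 region=(int(m.group(3), 16), int(m.group(4), 16)))
        else:
            current = FileRecord(path=line)
        records.append(current)
    return records


def sha256_iocs(records: List[FileRecord]) -> Set[str]:
    """Hash IOCs suitable for an EDR / SIEM lookup list."""
    return {r.hashes["SHA256"] for r in records if "SHA256" in r.hashes}


def executables_in_temp(records: List[FileRecord]) -> List[FileRecord]:
    """Heuristic triage: code dropped under the user's Temp directory is the
    first thing to pull for static analysis. Assumption, not a report rule."""
    hits = []
    for r in records:
        if r.is_memory_dump:
            continue
        ext = ntpath.splitext(r.path)[1].lower()
        if "\\appdata\\local\\temp\\" in r.path.lower() and ext in EXEC_EXT:
            hits.append(r)
    return hits


def memory_regions(records: List[FileRecord]) -> Dict[int, Set[Tuple[int, int]]]:
    """Unique dumped regions per PID; repeated dumps of one region collapse."""
    regions: Dict[int, Set[Tuple[int, int]]] = {}
    for r in records:
        if r.is_memory_dump:
            regions.setdefault(r.pid, set()).add(r.region)
    return regions


if __name__ == "__main__":
    recs = parse_files_section(SAMPLE)
    print(f"{len(recs)} records, {len(sha256_iocs(recs))} SHA256 IOCs")
    for r in executables_in_temp(recs):
        print("dropped code:", r.path, r.hashes.get("SHA256"))
    for pid, regs in memory_regions(recs).items():
        print(f"pid {pid}: " + ", ".join(f"{s:#x}-{e:#x}" for s, e in sorted(regs)))
```

Feed the full Files section of the report to `parse_files_section` to get every entry; the WinRAR and Chrome profile artifacts parse the same way and can then be excluded or kept by path once you have decided, from the rest of the report, which of them the sample actually wrote.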