Malware Analysis Report

2024-10-18 22:30

Sample ID 240925-2sqhrssclq
Target https://bit.ly/Kiacntk
Tags
zloader botnet defense_evasion discovery persistence privilege_escalation trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://bit.ly/Kiacntk was found to be: Known bad.

Malicious Activity Summary

zloader botnet defense_evasion discovery persistence privilege_escalation trojan

Zloader, Terdot, DELoader, ZeusSphinx

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Modifies system executable filetype association

Drops Chrome extension

Checks installed software on the system

Adds Run key to start application

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Modifies data under HKEY_USERS

Modifies system certificate store

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-25 22:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-25 22:50

Reported

2024-09-25 22:52

Platform

win11-20240802-en

Max time kernel

92s

Max time network

94s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bit.ly/Kiacntk

Signatures

Zloader, Terdot, DELoader, ZeusSphinx

trojan botnet zloader

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\YunShellExt C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\YunShellExt\ = "{6D85624F-305A-491d-8848-C1927AA0D790}" C:\Windows\system32\regsvr32.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\Microsoft\Windows\CurrentVersion\Run\TeraBox = "\"C:\\Users\\Admin\\AppData\\Roaming\\TeraBox\\TeraBox.exe\" AutoRun" C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\Microsoft\Windows\CurrentVersion\Run\TeraBoxWeb = "\"C:\\Users\\Admin\\AppData\\Roaming\\TeraBox\\TeraBoxWebService.exe\"" C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A

Checks installed software on the system

discovery

Drops Chrome extension

Description Indicator Process Target
File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpadflhmiohjfhhaehelneimpllfbpcg\0.0.5_0\manifest.json C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133717782878317817" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC}\VersionIndependentProgID\ = "YunOfficeAddin.YunExcelConnect" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1434B2F5-5B9C-44C2-938D-2A11E03CEED9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1434B2F5-5B9C-44C2-938D-2A11E03CEED9}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YunOfficeAddin.YunExcelConnect\ = "YunExcelConnect Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YunOfficeAddin.YunWordConnect.1\ = "YunWordConnect Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C5F2E83-848F-4741-9C87-47D21BF65FC2}\ProgID\ = "YunOfficeAddin.YunWordConnect.1" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1434B2F5-5B9C-44C2-938D-2A11E03CEED9}\TypeLib\ = "{75711486-6BB1-4C76-853A-F3B7763FACF4}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71CD4110-1E24-4B80-B699-9A982584CD3F}\VersionIndependentProgID\ = "YunOfficeAddin.YunPPTConnect" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YunOfficeAddin.YunWordConnect\CurVer C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8C5F2E83-848F-4741-9C87-47D21BF65FC2}\ProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8C5F2E83-848F-4741-9C87-47D21BF65FC2}\Version\ = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7AE98A84-835E-44B4-9145-9DFFA5F43F3B}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC}\Version C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BAC6C6DA-893B-4F4D-8CD7-153A718C6B25}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC}\VersionIndependentProgID\ = "YunOfficeAddin.YunExcelConnect" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YunOfficeAddin.YunWordConnect.1\ = "YunWordConnect Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2FD26065-6B24-4B20-83AB-5BB041D24A79} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{21FF7AFE-087C-4A99-928B-1EF3EE99ED6C} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71CD4110-1E24-4B80-B699-9A982584CD3F}\VersionIndependentProgID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4E163184-F702-4DA9-972E-CC2993F9AC25}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YunOfficeAddin.YunWordConnect.1 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7AE98A84-835E-44B4-9145-9DFFA5F43F3B}\TypeLib\ = "{F20F2E1A-D834-48BA-A5E2-73A31BE77EEC}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BAC6C6DA-893B-4F4D-8CD7-153A718C6B25}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4E163184-F702-4DA9-972E-CC2993F9AC25}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YunOfficeAddin.YunWordConnect\ = "YunWordConnect Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7AE98A84-835E-44B4-9145-9DFFA5F43F3B} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7AE98A84-835E-44B4-9145-9DFFA5F43F3B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E163184-F702-4DA9-972E-CC2993F9AC25}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8C5F2E83-848F-4741-9C87-47D21BF65FC2}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F20F2E1A-D834-48BA-A5E2-73A31BE77EEC}\1.0\FLAGS C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F20F2E1A-D834-48BA-A5E2-73A31BE77EEC}\1.0\0 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7AE98A84-835E-44B4-9145-9DFFA5F43F3B}\ = "IYunPPTConnect" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{21FF7AFE-087C-4A99-928B-1EF3EE99ED6C}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{21FF7AFE-087C-4A99-928B-1EF3EE99ED6C}\TypeLib\ = "{F20F2E1A-D834-48BA-A5E2-73A31BE77EEC}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F20F2E1A-D834-48BA-A5E2-73A31BE77EEC}\1.0\0\win64 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71CD4110-1E24-4B80-B699-9A982584CD3F}\Version C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YunOfficeAddin.YunPPTConnect.1\CLSID\ = "{71CD4110-1E24-4B80-B699-9A982584CD3F}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7AE98A84-835E-44B4-9145-9DFFA5F43F3B}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8C5F2E83-848F-4741-9C87-47D21BF65FC2}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7AE98A84-835E-44B4-9145-9DFFA5F43F3B}\TypeLib\ = "{F20F2E1A-D834-48BA-A5E2-73A31BE77EEC}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C5F2E83-848F-4741-9C87-47D21BF65FC2}\VersionIndependentProgID\ = "YunOfficeAddin.YunWordConnect" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BAC6C6DA-893B-4F4D-8CD7-153A718C6B25}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\YunShellExt\ = "{6D85624F-305A-491d-8848-C1927AA0D790}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{21FF7AFE-087C-4A99-928B-1EF3EE99ED6C}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\AppID = "{B9480AFD-C7B1-4452-BE14-BB8A9540A05D}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E163184-F702-4DA9-972E-CC2993F9AC25}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71CD4110-1E24-4B80-B699-9A982584CD3F}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{21FF7AFE-087C-4A99-928B-1EF3EE99ED6C} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1434B2F5-5B9C-44C2-938D-2A11E03CEED9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E163184-F702-4DA9-972E-CC2993F9AC25} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E163184-F702-4DA9-972E-CC2993F9AC25}\ = "IWorkspaceOverlayIconError" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{21FF7AFE-087C-4A99-928B-1EF3EE99ED6C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{21FF7AFE-087C-4A99-928B-1EF3EE99ED6C}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\ProgID\ = "YunShellExt.YunShellExtContextMenu.1" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E163184-F702-4DA9-972E-CC2993F9AC25}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YunOfficeAddin.YunWordConnect C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8C5F2E83-848F-4741-9C87-47D21BF65FC2}\ = "YunWordConnect Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C5F2E83-848F-4741-9C87-47D21BF65FC2}\ProgID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C5F2E83-848F-4741-9C87-47D21BF65FC2}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\TeraBox\\YunOfficeAddin64.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E163184-F702-4DA9-972E-CC2993F9AC25}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2FD26065-6B24-4B20-83AB-5BB041D24A79}\TypeLib\ = "{F20F2E1A-D834-48BA-A5E2-73A31BE77EEC}" C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 040000000100000010000000d5e98140c51869fc462c8975620faa780f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a52000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 5c0000000100000004000000000800001900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df1040000000100000010000000d5e98140c51869fc462c8975620faa782000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df12000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5788 wrote to memory of 5216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5640 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5640 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5788 wrote to memory of 5972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bit.ly/Kiacntk

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd702dcc40,0x7ffd702dcc4c,0x7ffd702dcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1768 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2108 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2344 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4364,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4424 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4952,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3104,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3108 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4400,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5196 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5208,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5324,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5300 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5320,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4740 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5392,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5588 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5548,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5700 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3360,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5444 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5784,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4544,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4580 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5048,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4508 /prefetch:8

C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe

"C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe"

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe" -install "createdetectstartup" -install "btassociation" -install "createshortcut" "0" -install "createstartup"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" "/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunShellExt64.dll"

C:\Windows\system32\regsvr32.exe

"/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunShellExt64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" "/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" "/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin64.dll"

C:\Windows\system32\regsvr32.exe

"/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin64.dll"

C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe" --install

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6592,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6208 /prefetch:8

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe" reg

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6040,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6484 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6276,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3252 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5332,i,4116941082692254406,99967505667262061,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6488 /prefetch:8

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=gpu-process --field-trial-handle=2524,14167434230131014340,74169540699390397,131072 --enable-features=CastMediaRouteProvider --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.32.0.1;PC;PC-Windows;10.0.22000;WindowsTeraBox" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --mojo-platform-channel-handle=2528 /prefetch:2

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2524,14167434230131014340,74169540699390397,131072 --enable-features=CastMediaRouteProvider --lang=en-US --service-sandbox-type=network --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.32.0.1;PC;PC-Windows;10.0.22000;WindowsTeraBox" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --mojo-platform-channel-handle=3492 /prefetch:8

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --field-trial-handle=2524,14167434230131014340,74169540699390397,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.32.0.1;PC;PC-Windows;10.0.22000;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Roaming\TeraBox\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --field-trial-handle=2524,14167434230131014340,74169540699390397,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.32.0.1;PC;PC-Windows;10.0.22000;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Roaming\TeraBox\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe

-PluginId 1502 -PluginPath "C:\Users\Admin\AppData\Roaming\TeraBox\kernel.dll" -ChannelName terabox.3176.0.1193340161\472174326 -QuitEventName TERABOX_KERNEL_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.3" -PcGuid "TBIMXV2-O_4665707CC30744F793A62A9A2D1DCE80-C_0-D_232138804165-M_4233BF090FB9-V_3B2E4DE7" -Version "1.32.0.1" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe" -PluginId 1502 -PluginPath "C:\Users\Admin\AppData\Roaming\TeraBox\kernel.dll" -ChannelName terabox.3176.0.1193340161\472174326 -QuitEventName TERABOX_KERNEL_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.3" -PcGuid "TBIMXV2-O_4665707CC30744F793A62A9A2D1DCE80-C_0-D_232138804165-M_4233BF090FB9-V_3B2E4DE7" -Version "1.32.0.1" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe" -PluginId 1501 -PluginPath "C:\Users\Admin\AppData\Roaming\TeraBox\module\VastPlayer\VastPlayer.dll" -ChannelName terabox.3176.1.1000710068\1618352408 -QuitEventName TERABOX_VIDEO_PLAY_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.3" -PcGuid "TBIMXV2-O_4665707CC30744F793A62A9A2D1DCE80-C_0-D_232138804165-M_4233BF090FB9-V_3B2E4DE7" -Version "1.32.0.1" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --field-trial-handle=2524,14167434230131014340,74169540699390397,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.32.0.1;PC;PC-Windows;10.0.22000;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Roaming\TeraBox\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 bit.ly udp
US 67.199.248.10:443 bit.ly tcp
US 67.199.248.10:443 bit.ly tcp
JP 210.148.85.14:443 www.terabox.app tcp
JP 210.148.85.14:443 www.terabox.app tcp
US 8.8.8.8:53 10.248.199.67.in-addr.arpa udp
GB 193.118.32.53:443 www.staticcc.com tcp
GB 193.118.32.53:443 www.staticcc.com tcp
GB 193.118.32.53:443 www.staticcc.com tcp
US 8.8.8.8:53 static.line-scdn.net udp
IE 209.85.203.84:443 accounts.google.com tcp
CZ 65.9.95.111:443 static.line-scdn.net tcp
GB 142.250.200.10:443 firebaseremoteconfig.googleapis.com tcp
JP 210.148.85.14:443 www.terabox.app tcp
GB 223.121.13.27:443 s2.teraboxcdn.com tcp
GB 223.121.13.27:443 s2.teraboxcdn.com tcp
GB 223.121.13.27:443 s2.teraboxcdn.com tcp
GB 223.121.13.27:443 s2.teraboxcdn.com tcp
GB 223.121.13.27:443 s2.teraboxcdn.com tcp
CN 60.190.116.48:443 sofire.bdstatic.com tcp
GB 142.250.200.10:443 firebaseremoteconfig.googleapis.com udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 27.13.121.223.in-addr.arpa udp
CN 60.190.116.48:443 sofire.bdstatic.com tcp
GB 163.70.151.21:443 connect.facebook.net tcp
JP 111.108.51.10:443 ymg-api.terabox.com tcp
JP 111.108.51.10:443 ymg-api.terabox.com tcp
IE 209.85.203.84:443 accounts.google.com udp
JP 210.148.85.14:443 www.terabox.app tcp
JP 210.148.85.14:443 www.terabox.app tcp
JP 210.148.85.14:443 www.terabox.app tcp
IE 209.85.203.84:443 accounts.google.com tcp
JP 210.154.124.251:443 sofire.terabox.app tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 142.250.179.227:443 www.google.co.uk tcp
BE 74.125.206.157:443 stats.g.doubleclick.net tcp
JP 210.154.124.251:443 sofire.terabox.app tcp
US 216.239.34.36:443 region1.analytics.google.com udp
N/A 224.0.0.251:5353 udp
GB 193.118.32.53:443 www.staticcc.com tcp
GB 142.250.187.238:443 play.google.com tcp
GB 142.250.187.238:443 play.google.com udp
JP 98.98.225.244:443 data.nephobox.com tcp
JP 98.98.225.244:443 data.nephobox.com tcp
JP 98.98.225.244:443 data.nephobox.com tcp
US 104.18.53.69:443 issuepcdn.freeterabox.com tcp
GB 2.18.63.4:80 repository.certum.pl tcp
JP 210.148.85.47:80 terabox.com tcp
JP 210.148.85.47:80 terabox.com tcp
JP 210.148.85.47:443 terabox.com tcp
JP 210.148.85.47:443 terabox.com tcp
JP 210.148.85.47:443 terabox.com tcp
CN 125.74.1.38:443 global-staticplat.cdn.bcebos.com tcp
N/A 127.0.0.1:50656 tcp
N/A 127.0.0.1:50658 tcp
N/A 127.0.0.1:50677 tcp
JP 210.232.36.156:443 terabox.com tcp
JP 210.232.36.156:443 terabox.com tcp
JP 210.148.85.47:443 terabox.com tcp
JP 210.148.85.47:443 terabox.com tcp
GB 193.118.32.53:443 www.staticcc.com tcp
GB 193.118.32.53:443 www.staticcc.com tcp
GB 193.118.32.53:443 www.staticcc.com tcp
GB 193.118.32.53:443 www.staticcc.com tcp
GB 193.118.32.53:443 www.staticcc.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
CZ 65.9.95.113:443 static.line-scdn.net tcp
GB 223.121.13.27:443 s2.teraboxcdn.com tcp
GB 223.121.13.27:443 s2.teraboxcdn.com tcp
GB 223.121.13.27:443 s2.teraboxcdn.com tcp
GB 223.121.13.27:443 s2.teraboxcdn.com tcp
GB 223.121.13.27:443 s2.teraboxcdn.com tcp
GB 223.121.13.27:443 s2.teraboxcdn.com tcp
CZ 65.9.95.113:443 static.line-scdn.net tcp
GB 142.250.200.10:443 firebaseremoteconfig.googleapis.com tcp
CN 222.216.122.38:443 global-staticplat.cdn.bcebos.com tcp
JP 210.148.85.47:443 terabox.com tcp
JP 210.148.85.47:443 terabox.com tcp
JP 210.148.85.32:443 sofire.terabox.com tcp
GB 163.70.151.21:443 connect.facebook.net tcp
JP 210.148.85.32:443 sofire.terabox.com tcp
JP 210.148.85.32:443 sofire.terabox.com tcp
JP 111.108.51.10:443 ymg-api.terabox.com tcp
CN 183.61.177.38:443 global-staticplat.cdn.bcebos.com tcp
JP 210.148.85.32:443 sofire.terabox.com tcp
JP 210.148.85.47:443 terabox.com tcp
JP 210.148.85.47:443 terabox.com tcp
JP 210.148.85.47:443 terabox.com tcp
JP 210.148.85.47:443 terabox.com tcp
JP 111.108.51.10:443 ymg-api.terabox.com tcp
GB 142.250.187.228:443 www.google.com tcp
CN 182.140.225.38:443 global-staticplat.cdn.bcebos.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 142.250.179.227:443 www.google.co.uk tcp
BE 74.125.206.157:443 stats.g.doubleclick.net tcp
CN 182.106.158.38:443 global-staticplat.cdn.bcebos.com tcp
CN 171.214.23.38:443 global-staticplat.cdn.bcebos.com tcp
CN 171.214.24.38:443 global-staticplat.cdn.bcebos.com tcp
CN 150.138.188.38:443 global-staticplat.cdn.bcebos.com tcp
CN 124.239.243.38:443 global-staticplat.cdn.bcebos.com tcp
CN 123.235.31.38:443 global-staticplat.cdn.bcebos.com tcp
CN 125.74.1.38:443 global-staticplat.cdn.bcebos.com tcp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4f95ad7c7a7b60b858c0b98a143eb123
SHA1 ff32445ec588c353cbefbc41c61906d3273ca3f4
SHA256 e51fc554b122e82c39249e29ddb23202a51170e8aee1cae0f0b00ddfb7d71404
SHA512 8f5a96ef1a8571d00ff0ccb1f87b78cb9c301874a280098fa718426f676be65cfc374057f1f6cec1573d1fcd6580cb7cb468577923351b362c8eecfbd0c06f03

\??\pipe\crashpad_5788_AXDNJGOUHTWRAGRJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3075cb10bc40f1000c0050050acb4c53
SHA1 441ba21777553c2101f07cadfbb6f3081355ee96
SHA256 8ff451feabc16ef84d5e9f31ec9b52656f5ed73de9ec015fafd61bd12c620be4
SHA512 53456bb965e8794ab5b09909d40cfe6f68401326398bef36b066e9536b29a59e7b744aeec4ec8f31d689a257782a419f61de13e7f80e9b70d3da33300e67d641

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 35710006c4fbe9a05c4cc65043382408
SHA1 0407600784ca939c78b2847a014140a7f9c7347f
SHA256 60846c37d1307d80c4149911674ba010c85c42a303ca4e42babd42ea5c23de12
SHA512 434d2eeecfda7ad89358c477c1acd1cf6afaec3e7f7402e35c6ee3521feef9dafbe9f965ec711fed4d703c46346388e0f8be79c63f0a71c1bac523e2969aaeee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c69ff54ae39d5cc2e2d0c0f1de480ee9
SHA1 64443d1e4a4b9f5face7f2fa81e15dc4099b49ea
SHA256 39aafd0b4721be78bad1b6dbbd6afe781117c80732e54d7cb1e8a4e56b173036
SHA512 a35bf1be28a5b4a936426492f186f90097c4de8c70f4769c7841f07f7221dd7200d864775d62d5113c9ec99a7a6fec062c3ffd13e942cc0722344550c0cc5fd8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5442b93cb47be09f56d58abbc7e0b946
SHA1 e52b5de352188adb1f996457182f754391e15d3e
SHA256 043e1b58b0e3ce1fb12e137373787e8b9874576e9b7c3991300ad53a5ebb2730
SHA512 6d3bbb5204139ccb836adc22b53b226355d906f95f0892e6c5a4bc70ec2724a00a91354cd5219b481af67abc6a2eece8ba47068ddfb46d570b16d4d0ba35e359

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9e845d8f59f82d8c4878bf21f60a2bdf
SHA1 1edb06d793dce236f2d0c16d7375ee7f7519f34c
SHA256 5d2998e2b51872caa066b2cf837d02f6f7122cbc000995b16c032572b78e13c4
SHA512 e57e0e51cdb87048b97be8b68dc9cfca2bab82e42b12631bbb7daee3f014deda72c677c34f8b5f499da15f789c2a6d74e6ecebbfd4e6f1f2077164555fbb2b66

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c755194098b4b989721e4a5876955acb
SHA1 9ec99556c999255c360b54a2e73dfe1677a0fccf
SHA256 8f52fecee656eb7ed40df2e5af2a40f5f065044934e71f99288d3dd87ff009aa
SHA512 3f24be1ccc090d816b3ab18c53dc84099f28b5f29910a57a897ca365985d6210ae4b6b8e8b56d5e14749ad263e4edbd4dd5055c1cd8ae7845edb6ba90795c613

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 47fcdcb39e5be9defde1168df1b7bccb
SHA1 ec5caffa8e96010b845aa757f0bb9aea487bd298
SHA256 9c64f9f54f9bf4cf8ab2e46f9c8979a96cb2437a0ddf1d679d3e644a35218023
SHA512 1dfefda6a21559397f561584a6fbb18cfbcebb6c4a2cac0ce5b779242b219f79300b87f23426adcf6d983cc020e7b6040d8b7859a86d6edf40efc849cfcfdca1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0b59f88c14ad714744de7a4c7059e512
SHA1 41d5ec57c774e552fff66893b1cb922f008a6f90
SHA256 dc31c4b1a06b8543f3205ff283031540f8a6822828a4e0ca9d37563a33c9b26c
SHA512 9334ac0c226af383dea69a70dc60cf65af500ff43242c67bbb7cd38db420449f5dda881e790f2808be5e6b3d8c5881122d127c536fe999d380c934603babe085

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c26fd3c501820122abf4bca6ec0a8c08
SHA1 3bc939c8238b05fadd81df5610512300b52f772f
SHA256 0efebb292fc82680ece59f7d76cfd94dc48804f6bdd4720d292beccca9d0bcd4
SHA512 449c6b4527762efbda4de120231c61ae39b759b4aeb0d2ee9dc91b3dd11a289844d47fa56aa113b825205e7b890d64ce22e286487434ef94814202811455914b

C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ef847c29318b16b505bf41d0048130b7
SHA1 35c56e8fde72a559c2f559991222fc65342e1285
SHA256 ec227e3c1d943e1b346bfdfa500eeea55273502249939df38f181a42b21056b4
SHA512 d239373955d7cab221e30683c3f280413528cade712285e8d3d42c58502adcf4170551b61075e0add0f70a77add29ea6dc145205ce474700340819f428198384

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2ff6d237859ea87fb2cfa4f60efaf5e8
SHA1 2fd75442249ef988fa26a18f8c7c83b4a539a4a2
SHA256 ea8fa110fbef5feec8e9209dc2abd00674016e64b6eceaff4a92b4d5e85975c9
SHA512 9e3e1a798ffa90c15e646bff0f29275e0afed2a11862b519ec00211c449526f17d7c6f7b7106c2d5223385c6cddcc50566f96d606f7d43ffbe45e2b5c4a8d65c

C:\Users\Admin\AppData\Local\Temp\nsz83C3.tmp\NsisInstallUI.dll

MD5 69b36f5513e880105fe0994feef54e70
SHA1 57b689dbf36719e17a9f16ad5245c8605d59d4c0
SHA256 531d1191eded0bf76abb40f0367efa2f4e4554123dc2373cf23ee3af983b6d5f
SHA512 c5c09d81a601f8060acf6d9eeaa9e417843bb37b81d5de6b5c70fb404a529c2b906d4bb0995d574dd5a3b4986e3cbe20882aa3e8349e31ff26bdb832692596bd

C:\Users\Admin\AppData\Local\Temp\nsz83C3.tmp\System.dll

MD5 8cf2ac271d7679b1d68eefc1ae0c5618
SHA1 7cc1caaa747ee16dc894a600a4256f64fa65a9b8
SHA256 6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
SHA512 ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

C:\Users\Admin\AppData\Local\Temp\nsz83C3.tmp\nsProcessW.dll

MD5 f0438a894f3a7e01a4aae8d1b5dd0289
SHA1 b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA256 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512 f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

memory/5140-390-0x00000000050E0000-0x00000000050F0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2f8a20828b84fbccf4dfd2342be769fa
SHA1 a46b66d93fd062629904c5a1575f8e9eb758ffd6
SHA256 fcac753b5c29fb86021e34b22783c4eaf52451e582e2fc39566e06d5183343ab
SHA512 792955957cab46ee81ab8e1f8284e38507df2085363e51b017b417d5308c130afcb4f05bf7bcc8e8c84513c9f4c917f59b79caba9152d30b93a7aa421d9108f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7d570bab51c8b2ca9a841e69d740da11
SHA1 8b51bf68a8b05f42f57c4265cb0770837124b388
SHA256 5457a07934a1481b2c21f08f940e6231b5c9729356bea27265341c28432a6647
SHA512 be5b8aea1fdb859974196ae556337699e36fa7372bbd9a588d0791baeca3372853e1d0893e57d7164a310394f01176d902d1881ad980b924b4dc2b44a328d5ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 88480a9b2c6f0e380f92ec595241e5f1
SHA1 b6850d2eeddafb520a6037fddc8ec362630ea221
SHA256 a6c0b578929822e7fad96617e9202d1de216201d30f33c52968a938b9b3499f3
SHA512 466914cf5d39186b13f20153602ef63e4b55cb59a1e4b193d4ae6b6ffb431b299379b189875df75dd400e87782821f26b9d8b69534cc794cc0862313a636c63d

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe

MD5 117c541f80c5e6706e722f9431d9fef6
SHA1 d19eb357c221f4802e0c342da69bcdd463400b80
SHA256 e6435157581258557202d04b08ebda3c87d52e5354ccc33825d80673c6b16e30
SHA512 8239044b8b08d5743d09118c5db1a0e5dac8b77482b8d9b6146130df397d4a1b00427b6049bc82f14e6f6cf67a5dc8cdc3387931e28544277fe4fd9c912c0328

C:\Users\Admin\AppData\Roaming\TeraBox\Bull140U.DLL

MD5 aed059c46be32077f7b63ab9349eee76
SHA1 cc84ed3fe63e110f489111d7acefe9effb389aac
SHA256 b7234ea6641f484834412a6edf820a56b7b26257e8780bff70f1c9d7cf02b9ee
SHA512 f829e6d503f88f3cb50c1142a024368ca8cd787a9a85f6955fa5092cb5c06f679bdf5377718f97e1077a89a8606c3698839e344524f9d43629cdf02a4306da27

C:\Users\Admin\AppData\Roaming\TeraBox\AppUtil.dll

MD5 2b01d156bf9857a17daa46979218fa4c
SHA1 591285020e8525ca51d1021ef8b4267d22b07329
SHA256 b36a5d808f8e64ba0635c72c7c9049453a98edf160083df05a0311dff471030f
SHA512 8afcfdf2d745cc634fa9440b7792b5d1477b1a15838a787aab9f4be4ee5cf0b81e08f4322a96ece37ff31f19fa4bf1f74463b3c908f0d532d1b25cee0d59bd3e

C:\Users\Admin\AppData\Roaming\TeraBox\msvcp140.dll

MD5 1d8c79f293ca86e8857149fb4efe4452
SHA1 7474e7a5cb9c79c4b99fdf9fb50ef3011bef7e8f
SHA256 c09b126e7d4c1e6efb3ffcda2358252ce37383572c78e56ca97497a7f7c793e4
SHA512 83c4d842d4b07ba5cec559b6cd1c22ab8201941a667e7b173c405d2fc8862f7e5d9703e14bd7a1babd75165c30e1a2c95f9d1648f318340ea5e2b145d54919b1

C:\Users\Admin\AppData\Roaming\TeraBox\vcruntime140.dll

MD5 b77eeaeaf5f8493189b89852f3a7a712
SHA1 c40cf51c2eadb070a570b969b0525dc3fb684339
SHA256 b7c13f8519340257ba6ae3129afce961f137e394dde3e4e41971b9f912355f5e
SHA512 a09a1b60c9605969a30f99d3f6215d4bf923759b4057ba0a5375559234f17d47555a84268e340ffc9ad07e03d11f40dd1f3fb5da108d11eb7f7933b7d87f2de3

C:\Users\Admin\AppData\Roaming\TeraBox\updateagent.dll

MD5 1605626fc49e04528739581c8805e227
SHA1 c3a3f8b626b99c5c8ca41b5fa181681f571f4825
SHA256 8ed13ef0a5372d46ecfa82dd66e3f8bb963c3db7d9442d11ac33aa9ad34d37e6
SHA512 975e211ec53d54d434692c48cbb86bb843f314bd2c6ac5dbeed6155097c7a7a59cb7e3df119ce463c2895755be9ded6012bab59b2a7b7dd22dc6acc600a7ef8a

C:\Users\Admin\AppData\Roaming\TeraBox\minosagent.dll

MD5 216a2dd23f95bdd63cd88a50eb7e69bd
SHA1 9c63635c26e276179f8dba9e02079bb3170b0321
SHA256 63da24020a82333c79806f3f8aa92fb9103f20b0b90ab095ee52601f6b154ada
SHA512 390ff16e8b0c07c1bda03584096404bdd22d69a0eb39a76fc6155c81584e1a7737f8f9d359a7be8e861bcfb02ced46950a8ef6c20a896774647086c21ee7edf0

C:\Users\Admin\AppData\Roaming\TeraBox\uninst.exe

MD5 af58fb8e4130fd3779a743f05a17524d
SHA1 c1b1d0e256a58c3f148d818aa79b2a7429e8a8ea
SHA256 e02a12cda93ff7f02539661d5e7459550cb2c72047c034e357af3d641785ab5f
SHA512 27a7681a07d6c3f3f5f18ab8c9ad3fafd2352c6fd10e00544b51bf7314e5e603e556b153ffdfdfa0ccaa0110a53022ea535549de8886f689ff9ebbec25262480

C:\Users\Admin\AppData\Roaming\TeraBox\YunShellExt64.dll

MD5 3a70aef3153e58a9624ef1bcaa63fbbb
SHA1 9f6a9f877a2153294687cdc5e661c6c539b3136d
SHA256 aede12d6e7221cdf81ca4dd73c7961a7d5bd4313f7793f5437a64ac271844317
SHA512 4d131f536f560207f7d259144327625d7c352c93979f663212d0fc430840757239e9be9c7030bc1826765d078fdaa9cb730e0cf2d217ff8203f6742547ffdaac

C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin.dll

MD5 4fffd9ffde2d48f474f9280c944b6940
SHA1 2dc56ab63e3241eadbb3e39ef697d2d468d4a57e
SHA256 635e8364383318f04667524663191e03fbcab9359006a1e829902bce7e19544d
SHA512 d40e5ff0a2f1a8ff38c159c149bb71456f59b9ca277b0e8a2c88e61b258db8142c7ab942817a0c28cac47635cfc300b10dd955fdf1bcb8078122a6d66cd10f85

C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin64.dll

MD5 aa257db82af0ce00192bfc3a72c47d56
SHA1 bbfa65b9512dbca06985fca1534c1178b331ab7b
SHA256 1083ea29c46cc3fdd3324a1887b6e3489e98076e9cc1b941f363ebd2225cbbff
SHA512 b45706e23f8f394e2693c49ad1410ddd3012fda01c3d88778f9d8c0ecf23b498fcd9e75d2eb45bb7032ec940bd81f568ace9830d0ef634d989f7408b03104b78

C:\Users\Admin\AppData\Roaming\TeraBox\terabox_ext_chrome.crx

MD5 d1228d3f6008b5ab6bfeae22e47163d5
SHA1 c9daa88047adaf64f79ab8eb39c638fb49d7c40c
SHA256 abd139cf05cfb99922766f68292791ef239b589acd0e78e6623b6cd57dcfbee2
SHA512 3fab9d678d9a890cd954958fc06b9d97d09bbe843d2c6a563c7a42ac615d2e36c4255a0a362f716e0549282d635ae8532d68c4da6513e345511fc31c791be5b4

C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe

MD5 666302bb1ecf9edb2445d390e52c737e
SHA1 df8272fcabaa673bfe2e135d9f351f5ec366f077
SHA256 48a15f0945dd83ec074066e7a47131f1f48e85e31fb26280c8a70753d7584b2b
SHA512 ad0850f7d8985dca12cb06b2837c3791e75aba35e74243f13e143c423b116338b4ff5531e2f77b5c778a83926f5dc5ce801f23013ca1e5334ceca36ebd302e6a

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe

MD5 1e77999ac64fd309a200921c646ef7c0
SHA1 53679977c98b484e24e7d8c0810c695c99c98be5
SHA256 5700ddbcd18561e1bd14c1de034fff226038e36e3bfd2451b5678fd6028d5aab
SHA512 e1cd7332d9aaf6dd1de0cd053e47d54334b6fadd2fdf78fba33420cd9437d3ace463222bd62ef974a68ac0f752d052f73e45a92899e0ff4a926612ee07d34b17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir5788_1481237807\CRX_INSTALL\tabs\upload.html

MD5 ce0dbe45c168444b4044186fe777ae6e
SHA1 10935a714d607e9c187922990d758d9c44707892
SHA256 0a38553872d8ba828acd117a9351495d8751e37068b889583821f18e759ba18c
SHA512 aad5cf5b199bc0b2a1d4d057dd18153159a80bfc64ed73610dd3d7700e4a8d2a595109a9e6d1b76f7de58d9ff19809d5ef4c2e7ff1281ca2f31edcf4b89f5ce7

memory/5140-750-0x00000000050E0000-0x00000000050F0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir5788_1481237807\CRX_INSTALL\tabs\upload.fff2005f.js

MD5 bf8ee3296e5286ce9cfe4d5bfd0dcf05
SHA1 3caa16b5e1f2393b6d5e4f1d0c92344e30b02982
SHA256 388db65bc068294f230d3b29e4f57899b2fd8a8b33bb597fa277db4d7bad9726
SHA512 2de06740275131e5b0edabedbfa07ef86431f41c55ae7d7c896d051fbf71cb59d4c9cfd9a53ff89a47468ca378b5c2a0092ce5e556a83b4b38084159cc781b74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir5788_1481237807\CRX_INSTALL\_metadata\verified_contents.json

MD5 3f53538fea29780d614d868ec535c656
SHA1 8a5e38c8e37b8c8c4e9c92da71b73cfd73735fd3
SHA256 3971200c9ff31a4246c2d1e5fa7b7736dbe0e08ac5e35e9193d61267e1f9beb2
SHA512 ee76edbea6b520a61ba09e18864bdf9c93d231a665ace46ab10069b14987096374c67d73626ce88aac4248240519d9a1c16a1b54b772023b0b0c9f63ff59ea9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir5788_1481237807\CRX_INSTALL\popup.html

MD5 aebaafaf40e4efbcdae29865c5f15e45
SHA1 4c8d363885b86ea344c2bb4ed56420c9c498dbf5
SHA256 6600a4b34d070ebcc773ebec3b87043772ad7c45ad46d8677d820c6a4b21c994
SHA512 12dcdaed13823c3e1e03c499fbeb51831e5318afd2ca535ea2118e53724fbdf7b533207f660d4579010a286bda494c543354e2a464651f6325b0ee07f87c6ace

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir5788_1481237807\CRX_INSTALL\popup.82bbf211.css

MD5 3db5fa906ed2537d677ed16ee400cee8
SHA1 1a3dd114649a3fcc7eaaf4d0853cccc2375deea6
SHA256 6e5e196aabb6097fd688f75f976dcae2d7c367f73ee29151b6fc567fb11e4f0a
SHA512 c748ba696e39bf2bf51643f5180711f38583c201eba59ee430a3e85042ff78ca4d8b9e6f80cbac83a65c40b5e5a7af5fe5ed2627c90ee0eb43eed1442e53aebf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir5788_1481237807\CRX_INSTALL\popup.49fbeb31.js

MD5 b8cb1f92eb5ff732eb84facd56739b47
SHA1 cc5719e299003ee07223eb1816ab1e8e2e39aecd
SHA256 ccf4f29d0ddb966793774f4ba875b5e39124657a8ccf0458785a4cd98145ef6e
SHA512 d5b65d551bf5be6ee8f1e58341249cd08d4c14b133c05fd5a11333dfed8bb946425869faabd05a35a5a8ea79716c842284cd034d5625f2eea1be598bb9ee847b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir5788_1481237807\CRX_INSTALL\manifest.json

MD5 82ade69e0a61d4a5a52599e47d1ded48
SHA1 b7cb43601818557e96022e6e14e14c9a608b1ac3
SHA256 13c6cd7e1c850769d452c2f971ffbd4cdd37eb6ca0deeb3e670b25766be3eec4
SHA512 ea8f112b717f96a5ec61228626ac7f520ec013d4ff9f7d139fdf113841a1ca3cab344a9adad9ce2d87bb76e286ea085a8e751d404c84c42ca6bc0392e2ac8a4d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir5788_1481237807\CRX_INSTALL\icon64.plasmo.e4b604fc.png

MD5 410b633662ef1689f2ef0238442ce935
SHA1 87e5060d0fea11a07b11434b7d16b019f2896960
SHA256 8f11e60a86c5ebfb4909213048c62c641532c248a7c7ef2ca4d789cd5f2f5365
SHA512 4e64ee7d3739cda2870f27a7249e5bcabe2c516bdd956109d5193a237b499bc3035e8488da5deeb284cce3820eba4131d3f5da83e51e1ed265e3fb595527cc47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir5788_1481237807\CRX_INSTALL\icon512.9f01ba5c.png

MD5 5b7857e25912eb814ad3fd6033682576
SHA1 8a6eccff0db631b298bb4ba265f9758885486c2a
SHA256 a22b5ab578c98de4113a0f0b91106a703fdb543e1a11e6d7594b48cc6090657a
SHA512 58c51b9b3bb68216437dc17f969adff663b89bde63187bc107814a0955ee0430a74063f9a2359b6445aff1909348b65f197b5143ef228238635ea2f15b811476

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir5788_1481237807\CRX_INSTALL\icon48.plasmo.cae3a6b3.png

MD5 78c0b51f85bc143297a5219abd4e10f6
SHA1 a6f8db876af4cc28d43f91a8eed001852c7d6bf3
SHA256 e5d369ffeaa96219d797467f37827237cc307a739e428446a240c968864926c6
SHA512 e062ee1fa5dfa09aa2d0fb64b911a2ba4fde60988e22c75515f40c02cbb9519d58ebb5b8860b2672c50c1d2ce95b1757cecfda731328cc0aaa2c3768dca49c7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir5788_1481237807\CRX_INSTALL\icon32.plasmo.9ad0c5b6.png

MD5 3e70a490ec41a716816b2c7a932eb907
SHA1 c347fa82aea65bb5b067a182f7343ae4bd78f40c
SHA256 288e661fb7827f84266d385f641514dded71eaafe6073e843e8ad7859f63db91
SHA512 91fd8e0bc1924a09b7665cd38ef3ab4baade82c0af773285eda45df33254a0d6b796c1fb4b4b6a6eeccf8a028163b2688cc8539f441f941b6edf214da585633c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir5788_1481237807\CRX_INSTALL\icon16.plasmo.00ac8b83.png

MD5 95f0cecb2dd7458e7e89435bb31dcbdb
SHA1 27c7c1313086ed3b4b03f7c578fb9ef2d23bf618
SHA256 d491250304085f79022f9751707ab692fa7499a386188e2b157ae1344be40c07
SHA512 a50aaf164720d17c2c7a1af08474291869d842cc229a0ebe1d1d557db1b7fa14584864e05f91c7c256e415ff1e9d8ff3e766d766f4a247d688a00b8b78eef4d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir5788_1481237807\CRX_INSTALL\icon128.plasmo.b89b7dfa.png

MD5 3209591bb33cf1325b759a3d4a52cdf8
SHA1 5bf5d653efe8c59941db96939c882ffddddc4966
SHA256 f294dda542ccf32621e8d80806ed03ead3c800ea5ccfd73dbb8db1622de77113
SHA512 af02794bf80233644ea18bc144b46ead45b164162b871d89c2ab3db00aa45120c21ae55f8b83d67a8ea743886a6f63b6145bc58cc3b78fd894b2de3feaf82bb7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir5788_1481237807\CRX_INSTALL\background.d0591844.js

MD5 ee3827d15e9b168553f227839314692a
SHA1 9058e257870ac5b8c3dfd689ec37ab59a4828cfd
SHA256 599bcdcaba9a6990d913c7b4a7b82e131c457bf3903a5469647a85553517a6cd
SHA512 e3cb4fe1c2e7e571767bc36382ec30bde3bfc3896a22f417168084783da4c123d7056bee4461675b1b93d8cce5f3b4f9b51bafe3c2c2362cf994abad5b48cdbe

C:\Users\Admin\AppData\Local\Temp\scoped_dir5788_646024803\CRX_INSTALL\contents.c10c11b1.js

MD5 16b38d2d77cb0b5da5d28403946a6a2f
SHA1 9b129decbf92a0c40006cb08c4d5dd80094676b7
SHA256 30994e98ee7992ff32bf1ae2fe6ae5341074ffd29dac3cf3c23569a6549a0571
SHA512 c1c575204e49b642ad7db2c7534d33509debb705a6ff66888220a783bcc80d19ad82d9297523e50bd10dc2a30a2b9bd9f215f3c9371d99c731b03c2b7905f290

C:\Users\Admin\AppData\Local\Temp\scoped_dir5788_646024803\CRX_INSTALL\contents.4683de87.js

MD5 66fd5b0645cff76133c84e98227fa5ef
SHA1 415c40936b7440d23695e9d5229ea0da3d640c7e
SHA256 8100e3821f040f50b51a5224736f629b01e6b38acaea835eba1d6c68bcfca189
SHA512 9bfc3b173ab90a9a39ba5efca4d78bc5c10a71da8dc84f1f5e2cb141704a03c02e8104432f8bc8c538d030bd3ba69071d5912dea46f4990d4c2f5dce8ccde16e

C:\Users\Admin\AppData\Local\Temp\nsz83C3.tmp\SetupCfg.ini

MD5 86daef0a1abf90f934b20119d95e8b73
SHA1 fa9170644b102c598005d1764a16aba54314ab69
SHA256 a5b0e58f66055ba5c9730dd7983946f92075bcf7052343b8d64ee95faa99eaaa
SHA512 1e95d6b697621f5c8bd194b5252f7717c3aa48a25d91d80fcd5fb0f1d06747c5f39708255bd85f18f776468dcde5645a8ac088431d412af1b10932d7f0df67b7

C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Local Storage\leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/4784-842-0x0000000002BE0000-0x0000000002BE1000-memory.dmp

memory/4784-840-0x0000000001120000-0x0000000001121000-memory.dmp

memory/4784-847-0x0000000003190000-0x0000000003191000-memory.dmp

memory/4784-845-0x0000000003180000-0x0000000003181000-memory.dmp

memory/4784-844-0x0000000002C20000-0x0000000002C21000-memory.dmp

memory/4784-843-0x0000000002C10000-0x0000000002C11000-memory.dmp

memory/4784-841-0x0000000001130000-0x0000000001131000-memory.dmp

memory/4784-848-0x0000000065AE0000-0x0000000066F0C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 98f09677725151ae2f458b7f6c3da8fb
SHA1 c944a09a27e89bf8d5585c760edb87117c7e1c14
SHA256 a1aedd5211c12cff4f93a98a0cae7bc1bdbb662174a9050ae4de6e24f1c0b201
SHA512 66e173b981a6b091e4d997f79e905a428356b6d2d65bad8730fd7cac3972458da2867cdafa9e873f634b0c5d714fa1f6d0aabace884eeb807c3f5173faed4892

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 971ca02656cc59c790a541e39077dd53
SHA1 82c0854e3d30acd1f83e145b7e34b58250dfd8f5
SHA256 e54ff88dc36d8657a9c7ca74e17769d21be902c0478c366168e6ed79d402bec8
SHA512 c1d5c8512d86f723524e19144e482848d0e9407db1d1a91ba80214b464f725ed104452ed38e1439e852483b35b954bef2f7d4e369827ed82e3aa4d469ff8f0ec

C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Cache\f_000058

MD5 f942900ff0a10f251d338c612c456948
SHA1 4a283d3c8f3dc491e43c430d97c3489ee7a3d320
SHA256 38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6
SHA512 9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41