Malware Analysis Report

2025-01-18 23:47

Sample ID 241108-xwe4zsxfpc
Target wwwwwwwwwwwww.msi
SHA256 793a6b5980872bc0c16c53ee550f860b90e8955fbbf2f0bd15734e05e9b4c3b8
Tags
steam discovery persistence phishing privilege_escalation
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

793a6b5980872bc0c16c53ee550f860b90e8955fbbf2f0bd15734e05e9b4c3b8

Threat Level: Shows suspicious behavior

The file wwwwwwwwwwwww.msi was found to show suspicious behavior.

Malicious Activity Summary

steam discovery persistence phishing privilege_escalation

Enumerates connected drives

Detected potential entity reuse from brand STEAM.

Checks computer location settings

Executes dropped EXE

Drops file in Program Files directory

Drops file in Windows directory

Loads dropped DLL

System Location Discovery: System Language Discovery

Event Triggered Execution: Installer Packages

Browser Information Discovery

Uses Volume Shadow Copy service COM API

Modifies data under HKEY_USERS

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-08 19:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-08 19:11

Reported

2024-11-08 19:14

Platform

win7-20240903-en

Max time kernel

108s

Max time network

152s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\wwwwwwwwwwwww.msi

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\International\Geo\Nation C:\Program Files\Koalageddon\Koalageddon.exe N/A

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Koalageddon\runtime\lib\security\public_suffix_list.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\lib\psfontj2d.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\lib\classlist C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\slf4j-api-2.0.6-dd65c386e8c5f4e6e14de3f7a7ae60.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.management\COPYRIGHT C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\ucrtbase.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.security.sasl\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\jna-platform-5.6.0-3c34526c4f2243e5d1d7caceb9243cd.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ui-util-desktop-1.3.0-8493905dc83f28d88ab0bc5efc673cb.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-file-l1-2-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.security.sasl\COPYRIGHT C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\PropertyLoader-1.0-fa4ec16cd0863af4cf71a88731eba37.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\kotlin-stdlib-jdk7-1.8.0-e881855ce1f9d979c8fae52accc231d.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\javajpeg.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-errorhandling-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\SwtJavaFx-1.1-7d5354a35e5b72de6f6f961a3d59a739.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ktor-client-cio-jvm-2.2.3-cd51e71fc629067977f84d156ad776d.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-handle-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\conf\security\policy\limited\exempt_local.policy C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\lib\fontconfig.bfc C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-runtime-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.logging\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\server\jvm.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\kotlinx-coroutines-jdk8-1.6.4-9532e16578f95c1f9bb3d199fa1c1039.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\lib\tzdb.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.desktop\COPYRIGHT C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\foundation-layout-desktop-1.3.0-2a41879288ebb32c327f62a59054eb4f.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\mlib_image.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-processthreads-l1-1-1.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.desktop\mesa3d.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-sysinfo-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\bcpkix-jdk15on-1.66-a5b13435d46cb52abb0a47feb77e5e.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.xml\xerces.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\jdk.unsupported\COPYRIGHT C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ui-geometry-desktop-1.3.0-a0d6ff9ba67c3f65211665b139bcf5c.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-localization-l1-2-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.base\public_suffix.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.datatransfer\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\jdk.crypto.ec\COPYRIGHT C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-memory-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\conf\security\java.security C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.xml\dom.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\net.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.prefs\COPYRIGHT C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ui-text-desktop-1.3.0-66c6ff6b69306fe56b8e9748469ef7ab.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\awt.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\koalageddon-jvm-2.0.1.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ktor-http-cio-jvm-2.2.3-619ea76ad4acc6f8eb952895cb7d3839.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\kotlinx-coroutines-slf4j-1.6.4-ee321dc6b1536bf3c2df8b59cb84e8f.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-environment-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.desktop\harfbuzz.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.base\c-libutl.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\Executor-3.0-4867e75d7efe8952a836ee63449.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-time-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\material-icons-extended-desktop-1.3.0-e5efe76264bf6932939e16916c91c8.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\lib\modules C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\bcprov-jdk15on-1.66-fd57b228172782ae6a73d22a7ac9b45.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-heap-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\lib\jvm.lib C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.desktop\colorimaging.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\prefs.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ktor-client-content-negotiation-jvm-2.2.3-4a96a800692683a511d683fd9290.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-util-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\conf\security\policy\unlimited\default_local.policy C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\f76f068.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\icon_1862387937 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF122.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\JpARPPRODUCTICON C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev1 C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\f76f06a.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev3 C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\f76f067.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76f067.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF3F1.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\JpARPPRODUCTICON C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\icon_1862387937 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76f068.ipi C:\Windows\system32\msiexec.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
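The two rows above carry the detonation's actual signal, together with the Command Line section: msiexec.exe installed a package from a per-user Temp directory, and an executable that msiexec.exe wrote under Program Files was then started. The following is an added example, not code from the sandbox or from the Koalageddon project, that expresses those two signatures as detection logic over process-creation and file-creation events. The events are constructed to mirror the report's rows; the parent images and the final control event (a share path) are assumptions, since the report does not record parents.

```python
import re
from dataclasses import dataclass
from typing import List, Union


@dataclass(frozen=True)
class ProcessCreate:
    ts: int             # ordering key; a real feed carries a timestamp
    image: str          # full path of the new process
    cmdline: str
    parent_image: str


@dataclass(frozen=True)
class FileCreate:
    ts: int
    image: str          # process that wrote the file
    target: str         # path that was written


Event = Union[ProcessCreate, FileCreate]

MSIEXEC = re.compile(r"\\msiexec\.exe$", re.I)
# msiexec installs with /i, -i or /package; the package path may be quoted
INSTALL_OPT = re.compile(r'(?:^|\s)[/-](?:i|package)\s+"?([^"]+?\.msi)"?(?:\s|$)', re.I)
USER_TEMP = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)


def msi_installs_from_user_temp(events: List[Event]) -> List[str]:
    """Package paths handed to msiexec for installation that sit in a per-user Temp directory."""
    hits = []
    for ev in events:
        if not isinstance(ev, ProcessCreate) or not MSIEXEC.search(ev.image):
            continue
        m = INSTALL_OPT.search(ev.cmdline)
        if m and USER_TEMP.match(m.group(1)):
            hits.append(m.group(1))
    return hits


def executed_dropped_exes(events: List[Event]) -> List[str]:
    """Executables written by msiexec.exe that are later started as a process image
    (the sandbox's 'Executes dropped EXE' signature, restricted to Installer drops)."""
    dropped = set()
    hits = []
    for ev in sorted(events, key=lambda e: e.ts):
        if isinstance(ev, FileCreate) and MSIEXEC.search(ev.image) \
                and ev.target.lower().endswith(".exe"):
            dropped.add(ev.target.lower())
        elif isinstance(ev, ProcessCreate) and ev.image.lower() in dropped:
            hits.append(ev.image)
    return hits


# Constructed events modelled on the report's rows. Parent images and the last
# control event (a placeholder share path) are assumptions, not report data.
SAMPLE_EVENTS: List[Event] = [
    ProcessCreate(1, r"C:\Windows\system32\msiexec.exe",
                  r"msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\wwwwwwwwwwwww.msi",
                  r"C:\Windows\explorer.exe"),
    FileCreate(2, r"C:\Windows\system32\msiexec.exe",
               r"C:\Program Files\Koalageddon\runtime\bin\server\jvm.dll"),
    FileCreate(3, r"C:\Windows\system32\msiexec.exe",
               r"C:\Program Files\Koalageddon\Koalageddon.exe"),
    ProcessCreate(4, r"C:\Program Files\Koalageddon\Koalageddon.exe",
                  r'"C:\Program Files\Koalageddon\Koalageddon.exe"',
                  r"C:\Windows\system32\msiexec.exe"),
    ProcessCreate(5, r"C:\Windows\system32\msiexec.exe",
                  r'msiexec.exe /i "\\fileserver\packages\tool.msi" /qn',
                  r"C:\Windows\explorer.exe"),
]


if __name__ == "__main__":
    print("MSI installed from user Temp:", msi_installs_from_user_temp(SAMPLE_EVENTS))
    print("Dropped EXEs later executed:", executed_dropped_exes(SAMPLE_EVENTS))
```

Both functions flag the Koalageddon events and ignore the control install from a share. An MSI launched from a user's Temp directory is a triage lead rather than a verdict, which is consistent with the 6/10 score on this report. The other msiexec.exe rows in this analysis are context: the Installer\Products registry writes are made by the Windows Installer service for every package it installs, so they record what was installed rather than whether it is malicious, and the AdjustPrivilegeToken rows are attributed to msiexec.exe itself, not to the dropped Koalageddon.exe; the report records the calls, not whether the privileges were granted.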

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A

Browser Information Discovery

discovery

Event Triggered Execution: Installer Packages

persistence privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Koalageddon\Koalageddon.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Koalageddon\Koalageddon.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0F00B17C060556634A44B1FF3DF15A7F\DefaultFeature C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0F00B17C060556634A44B1FF3DF15A7F C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\ProductName = "Koalageddon" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\PackageName = "wwwwwwwwwwwww.msi" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\ProductIcon = "C:\\Windows\\Installer\\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\\JpARPPRODUCTICON" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\550FE40B7A8BE324E8F68353EA49C3E4 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\PackageCode = "EFEAD4423A6F1324DB76D9F43705B59D" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Version = "33554433" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\550FE40B7A8BE324E8F68353EA49C3E4\0F00B17C060556634A44B1FF3DF15A7F C:\Windows\system32\msiexec.exe N/A
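The key names in this table are Windows Installer's "squished" GUID form, so the Products key 0F00B17C060556634A44B1FF3DF15A7F and the {C71B00F0-5060-3665-A444-1BFFD31FA5F7} folder in the Drops file in Windows directory table are the same ProductCode, the UpgradeCodes key name encodes the package's UpgradeCode the same way, the Version DWORD 33554433 packs the product version (2.0.1, matching the koalageddon-jvm-2.0.1.jar dropped under app\), and REG_MULTI_SZ data such as the LanguageList value in the HKEY_USERS table is printed as hex of UTF-16LE. The following is an added example, not code from the sandbox or from the Koalageddon project, that decodes these artefacts and applies the SourceList\LastUsedSource check a hunter would run across Installer\Products. The sample product table is constructed from the values in this report plus a placeholder control entry with an invented key name; reading the live registry with winreg is left out so the example runs anywhere.

```python
import re


# Windows Installer names its HKLM\SOFTWARE\Classes\Installer\Products and
# ...\UpgradeCodes keys with a "squished" GUID: the first three groups are
# reversed character by character and each byte of the last two groups has
# its two hex digits swapped. Applying the transform twice gives the input back.
def _squish_transform(hex32: str):
    s = hex32.upper()
    if re.fullmatch(r"[0-9A-F]{32}", s) is None:
        raise ValueError("expected 32 hexadecimal characters")
    g1, g2, g3 = s[0:8][::-1], s[8:12][::-1], s[12:16][::-1]
    g4 = "".join(s[i:i + 2][::-1] for i in range(16, 20, 2))
    g5 = "".join(s[i:i + 2][::-1] for i in range(20, 32, 2))
    return g1, g2, g3, g4, g5


def unsquish_guid(key_name: str) -> str:
    """Installer\\Products key name -> ProductCode as it appears under C:\\Windows\\Installer."""
    return "{%s-%s-%s-%s-%s}" % _squish_transform(key_name)


def squish_guid(guid: str) -> str:
    """ProductCode/UpgradeCode GUID -> Installer registry key name."""
    return "".join(_squish_transform(guid.strip("{}").replace("-", "")))


def decode_product_version(packed: int) -> str:
    """The Products\\...\\Version DWORD packs major<<24 | minor<<16 | build."""
    return f"{(packed >> 24) & 0xFF}.{(packed >> 16) & 0xFF}.{packed & 0xFFFF}"


def decode_multi_sz(hex_data: str) -> list:
    """REG_MULTI_SZ as the report prints it: hex of UTF-16LE, NUL-separated, double-NUL terminated."""
    items = bytes.fromhex(hex_data).decode("utf-16-le").split("\x00")
    while items and items[-1] == "":
        items.pop()
    return items


SOURCE_TYPES = {"n": "network/folder", "u": "URL", "m": "media"}
USER_TEMP = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)


def parse_last_used_source(value: str) -> dict:
    """SourceList\\LastUsedSource is '<type>;<index>;<path>'."""
    kind, index, path = value.split(";", 2)
    return {"type": SOURCE_TYPES.get(kind.lower(), kind), "index": int(index), "path": path}


def products_installed_from_user_temp(products: dict) -> list:
    """products maps squished key name -> value dict, as read from Installer\\Products."""
    findings = []
    for key, values in products.items():
        src = parse_last_used_source(values["LastUsedSource"])
        if USER_TEMP.match(src["path"]):
            findings.append({
                "product_code": unsquish_guid(key),
                "name": values.get("ProductName"),
                "package": values.get("PackageName"),
                "version": decode_product_version(values["Version"]),
                "source": src["path"],
            })
    return findings


# Constructed sample of two Installer\Products entries. The first copies the values
# the report lists; the second is a placeholder control with an invented key name.
SAMPLE_PRODUCTS = {
    "0F00B17C060556634A44B1FF3DF15A7F": {
        "ProductName": "Koalageddon",
        "PackageName": "wwwwwwwwwwwww.msi",
        "Version": 33554433,
        "LastUsedSource": "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\",
    },
    "00000000000000000000000000000001": {
        "ProductName": "Example Tool",
        "PackageName": "tool.msi",
        "Version": 16777216,   # 1.0.0
        "LastUsedSource": "n;1;\\\\fileserver\\packages\\",
    },
}


if __name__ == "__main__":
    for finding in products_installed_from_user_temp(SAMPLE_PRODUCTS):
        print(finding)
    print(decode_multi_sz("65006e002d0055005300000065006e0000000000"))
```

On a live host the same functions apply to the key names and values enumerated from HKLM\SOFTWARE\Classes\Installer\Products; the LastUsedSource path is what msiexec will go back to for repairs and is the quickest way to find packages that were installed from a user-writable location.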

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2736 wrote to memory of 2752 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2736 wrote to memory of 2752 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2736 wrote to memory of 2752 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2736 wrote to memory of 2752 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2736 wrote to memory of 2752 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2736 wrote to memory of 2752 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2736 wrote to memory of 2752 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2736 wrote to memory of 2712 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2736 wrote to memory of 2712 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2736 wrote to memory of 2712 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2736 wrote to memory of 2712 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2736 wrote to memory of 2712 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2736 wrote to memory of 492 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2736 wrote to memory of 492 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2736 wrote to memory of 492 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2736 wrote to memory of 492 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2736 wrote to memory of 492 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2736 wrote to memory of 492 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2736 wrote to memory of 492 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1424 wrote to memory of 1756 N/A C:\Program Files\Koalageddon\Koalageddon.exe C:\Program Files\Koalageddon\Koalageddon.exe
PID 1424 wrote to memory of 1756 N/A C:\Program Files\Koalageddon\Koalageddon.exe C:\Program Files\Koalageddon\Koalageddon.exe
PID 1424 wrote to memory of 1756 N/A C:\Program Files\Koalageddon\Koalageddon.exe C:\Program Files\Koalageddon\Koalageddon.exe
PID 2644 wrote to memory of 1504 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 1504 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 1504 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
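The WriteProcessMemory table above lists one row per call, so the same writer/target pair recurs dozens of times. The script below is an added triage helper, not part of the Triage report or of any tool the report describes; it collapses the rows into a de-duplicated writer -> target map and labels each pair as the same image (a process spawning its own helper), the same binary in the other bitness (the 64-bit msiexec.exe writing into the 32-bit MsiExec.exe custom-action servers it spawned), or an unrelated image, which is the only case that points at injection. The sample rows are a subset copied from the table.

```python
"""Collapse 'Suspicious use of WriteProcessMemory' rows into a de-duplicated
writer -> target map and say what relationship each pair has."""
import re
from collections import Counter

# Constructed sample: rows copied from the table above, in the sandbox's own
# "PID <writer> wrote to memory of <target>" wording (one row per call).
ROWS = r"""
PID 2736 wrote to memory of 2752 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2736 wrote to memory of 2752 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2736 wrote to memory of 2712 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2736 wrote to memory of 492 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1424 wrote to memory of 1756 N/A C:\Program Files\Koalageddon\Koalageddon.exe C:\Program Files\Koalageddon\Koalageddon.exe
PID 2644 wrote to memory of 1504 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2644 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
"""

# Paths contain spaces, so anchor on the ".exe" suffix of each image instead of splitting on whitespace.
ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (.+?\.exe)$", re.IGNORECASE)


def parse_rows(text):
    """Count identical (writer, target) rows and remember each PID's image."""
    edges, images = Counter(), {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        src, dst, src_img, dst_img = m.groups()
        edges[(int(src), int(dst))] += 1
        images[int(src)] = src_img
        images[int(dst)] = dst_img
    return edges, images


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def describe(edges, images):
    """Map (writer, target) -> (row count, relationship)."""
    out = {}
    for (src, dst), n in edges.items():
        s, d = images[src].lower(), images[dst].lower()
        if s == d:
            kind = "same-image"                  # process spawning its own helper
        elif basename(s) == basename(d):
            kind = "same-binary-other-bitness"   # system32 msiexec -> syswow64 MsiExec
        else:
            kind = "cross-image"                 # the case worth chasing: write into an unrelated binary
        out[(src, dst)] = (n, kind)
    return out


def wow64_targets(edges, images):
    """Targets running the 32-bit installer image (32-bit custom-action servers)."""
    return sorted({dst for (_, dst) in edges if "syswow64" in images[dst].lower()})


if __name__ == "__main__":
    e, i = parse_rows(ROWS)
    for pair, (n, kind) in sorted(describe(e, i).items()):
        print(f"{pair[0]:>5} -> {pair[1]:<5} x{n}  {kind}")
    print("wow64 targets:", wow64_targets(e, i))
```

Run against the full table the result is the same shape: every writer in this report only touches processes running its own binary, so the signature here reflects parent-to-child startup writes rather than injection into a foreign process.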

Uses Volume Shadow Copy service COM API

ransomware

Note: in this run the VSS activity is consistent with the System Restore checkpoint Windows Installer takes before an install, not with shadow-copy deletion. The Processes list below shows vssvc.exe starting and DrvInst.exe installing a STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19 device, and no vssadmin or wmic shadowcopy command line appears anywhere in the report. Read the "ransomware" tag as the signature's category label, not as a verdict on this sample.

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\wwwwwwwwwwwww.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 89C06C47AD24A181D9DFD7574FF8BB5F C

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding 2EFCCEA585F5543186CF5CBAB6760FA7 C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000390" "0000000000000494"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F329342039E159710E17A3B254DDC137

C:\Program Files\Koalageddon\Koalageddon.exe

"C:\Program Files\Koalageddon\Koalageddon.exe"

C:\Program Files\Koalageddon\Koalageddon.exe

"C:\Program Files\Koalageddon\Koalageddon.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef2f59758,0x7fef2f59768,0x7fef2f59778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2228 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1104 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1420 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3432 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3452 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2604 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3960 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2416 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1140 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4068 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1724 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4256 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2360 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3780 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4288 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4348 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4392 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4376 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2356 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1752 --field-trial-handle=1284,i,14431138602473899697,17181047712681180774,131072 /prefetch:8

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files\Koalageddon\Koalageddon.exe

"C:\Program Files\Koalageddon\Koalageddon.exe"

C:\Program Files\Koalageddon\Koalageddon.exe

"C:\Program Files\Koalageddon\Koalageddon.exe"
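The Processes list is easier to read once the Windows Installer chain is labelled: the client started by the user (/I), the Windows Installer service (/V), and the custom-action servers the service spawns (-Embedding; the syswow64 copies are 32-bit, the system32 copy 64-bit). The script below is an added example, not part of the Triage report or of Koalageddon, Steam or Chrome; it labels those roles and lists every full-path image that ran from outside a baseline. The baseline prefixes (Windows itself plus the preinstalled Chrome) are an assumption about the sandbox image, and the sample command lines are copied from the list above with the Chrome helper processes left out.

```python
"""Sort a Triage Processes list into the Windows Installer role chain and
pick out every image that ran from outside the baseline install."""
from collections import Counter

# Constructed sample: command lines copied from the Processes list above,
# with the Chrome helper processes left out.
CMDLINES = [
    r"msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\wwwwwwwwwwwww.msi",
    r"C:\Windows\system32\msiexec.exe /V",
    r"C:\Windows\syswow64\MsiExec.exe -Embedding 89C06C47AD24A181D9DFD7574FF8BB5F C",
    r"C:\Windows\system32\MsiExec.exe -Embedding 2EFCCEA585F5543186CF5CBAB6760FA7 C",
    r"C:\Windows\system32\vssvc.exe",
    r'DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000390" "0000000000000494"',
    r"C:\Windows\syswow64\MsiExec.exe -Embedding F329342039E159710E17A3B254DDC137",
    r'"C:\Program Files\Koalageddon\Koalageddon.exe"',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe"',
    r'"C:\Users\Admin\Downloads\SteamSetup.exe"',
    r'"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install',
    r'"C:\Program Files (x86)\Steam\steam.exe"',
]

# Assumption: the sandbox image ships Windows and Chrome; any other full-path
# image that executes was dropped by the installer or fetched during the run.
BASELINE_PREFIXES = ("c:\\windows\\", "c:\\program files\\google\\chrome\\")


def image_of(cmd):
    """Executable path or bare name at the front of a command line."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(None, 1)[0]


def arguments_of(cmd):
    """Everything after the image, with the surrounding quotes accounted for."""
    skip = len(image_of(cmd)) + (2 if cmd.startswith('"') else 0)
    return cmd[skip:].strip()


def msiexec_role(cmd):
    """client (/I from the user), service (/V, the Windows Installer service) or
    custom-action server (-Embedding, spawned by the service to run the
    package's custom actions: syswow64 = 32-bit, system32 = 64-bit)."""
    img = image_of(cmd).lower()
    if not img.endswith("msiexec.exe"):
        return None
    args = arguments_of(cmd)
    if args.startswith("-Embedding"):
        return "custom-action-server-wow64" if "syswow64" in img else "custom-action-server-native"
    if args.upper().startswith("/V"):
        return "service"
    if args.upper().startswith("/I"):
        return "client"
    return "other"


def non_baseline_images(cmdlines, prefixes=BASELINE_PREFIXES):
    """Full-path images not under a baseline prefix (bare names resolved via PATH are skipped)."""
    found = set()
    for cmd in cmdlines:
        img = image_of(cmd)
        if "\\" in img and not img.lower().startswith(prefixes):
            found.add(img)
    return sorted(found)


def summarize(cmdlines):
    roles = Counter(r for r in map(msiexec_role, cmdlines) if r)
    return {"msiexec_roles": dict(roles), "non_baseline_images": non_baseline_images(cmdlines)}


if __name__ == "__main__":
    for key, value in summarize(CMDLINES).items():
        print(key, value)
```

For this report the non-baseline set is Koalageddon.exe (dropped by the MSI into Program Files) plus SteamSetup.exe, steamservice.exe and steam.exe, which arrive through the browser session rather than the installer; keeping the two origins apart matters when deciding what the sample itself is responsible for.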

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.42:443 ogads-pa.googleapis.com tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 142.250.200.42:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 store.steampowered.com udp
GB 2.23.205.133:443 store.steampowered.com tcp
GB 2.23.205.133:443 store.steampowered.com tcp
US 8.8.8.8:53 store.fastly.steamstatic.com udp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 8.8.8.8:53 cdn.fastly.steamstatic.com udp
US 8.8.8.8:53 shared.fastly.steamstatic.com udp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
GB 2.23.205.133:443 store.steampowered.com tcp
GB 2.23.205.133:443 store.steampowered.com tcp
US 8.8.8.8:53 shared.cloudflare.steamstatic.com udp
US 104.18.42.105:443 shared.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 shared.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 shared.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 shared.cloudflare.steamstatic.com tcp
GB 2.23.205.133:443 store.steampowered.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
GB 2.23.205.133:443 store.steampowered.com tcp
GB 2.23.205.133:443 store.steampowered.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
GB 2.23.205.133:443 store.steampowered.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
GB 2.23.205.133:443 store.steampowered.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 help.steampowered.com udp
GB 104.124.170.33:443 help.steampowered.com tcp
GB 104.124.170.33:443 help.steampowered.com tcp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 151.101.3.52:443 cdn.steamstatic.com tcp
GB 2.23.205.133:443 store.steampowered.com tcp
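The Network table mixes DNS lookups against the sandbox resolver with the connections that followed, and repeats a destination once per connection. The script below is an added example, not part of the Triage report; it folds the rows into a per-name summary (resolved IPs, TCP connection count, UDP/443 which for Chrome is QUIC) and pulls out the names that were only ever looked up and never connected to, which in a C2 triage are the first thing to check. It treats 8.8.8.8:53 as the resolver because that is what the table shows; the sample rows are a subset copied from the table, including the mDNS row that has no Domain column.

```python
"""Summarise a Triage Network table: per name, which IPs it resolved to and
how much traffic followed, plus names that were only ever looked up."""
from collections import defaultdict

# Constructed sample: rows copied from the table above (Country Destination
# Domain Proto); the multicast DNS row has no Domain column.
ROWS = """\
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 store.steampowered.com udp
GB 2.23.205.133:443 store.steampowered.com tcp
GB 2.23.205.133:443 store.steampowered.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.179.228:443 www.google.com udp
US 8.8.8.8:53 cdn.fastly.steamstatic.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 151.101.3.52:443 cdn.steamstatic.com tcp
"""

RESOLVER = ("8.8.8.8", 53)   # the sandbox's DNS server, as seen in the table


def parse(text):
    """Yield (country, ip, port, domain_or_None, proto) for each row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:            # no Domain column: direct or multicast traffic
            country, dest, proto = parts
            domain = None
        else:
            continue
        ip, port = dest.rsplit(":", 1)
        yield country, ip, int(port), domain, proto


def summarize(text):
    """Return ({domain: {'ips', 'tcp', 'quic', 'dns'}}, [unnamed (ip, port, proto)])."""
    per_name = defaultdict(lambda: {"ips": set(), "tcp": 0, "quic": 0, "dns": 0})
    unnamed = []
    for _country, ip, port, domain, proto in parse(text):
        if domain is None:
            unnamed.append((ip, port, proto))     # e.g. 224.0.0.251:5353, mDNS multicast
            continue
        entry = per_name[domain]
        if (ip, port) == RESOLVER:
            entry["dns"] += 1
            continue
        entry["ips"].add(ip)
        if proto == "tcp":
            entry["tcp"] += 1
        elif port == 443:                        # UDP/443 from Chrome is QUIC, not a second resolver
            entry["quic"] += 1
    return per_name, unnamed


def dns_only(per_name):
    """Names that were resolved but never connected to."""
    return sorted(d for d, e in per_name.items() if e["dns"] and not e["ips"])


if __name__ == "__main__":
    per_name, unnamed = summarize(ROWS)
    for name, e in sorted(per_name.items()):
        print(f"{name:<40} ips={sorted(e['ips'])} tcp={e['tcp']} quic={e['quic']} dns={e['dns']}")
    print("lookup only:", dns_only(per_name))
    print("no name    :", unnamed)
```

On the full table the lookup-only set is content-autofill.googleapis.com, cdn.fastly.steamstatic.com and steamcommunity.com, all of them names the browser session resolves as a side effect of loading Google and Steam pages; the absence of any destination outside Google, Steam and their CDNs is the point worth recording.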

Files

C:\Users\Admin\AppData\Local\Temp\MSIC227.tmp

MD5 4fdd16752561cf585fed1506914d73e0
SHA1 f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424
SHA256 aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7
SHA512 3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

C:\Users\Admin\AppData\Local\Temp\MSIC2B4.tmp

MD5 e76ab52d50197baddbc0d921e1d8eea5
SHA1 3789e237ad3b07ef43f4014e99099a0b43b1392d
SHA256 6e3dae02524f00ee37f33123f7fac943ed2a8617988ec4a667fcddb7764c634c
SHA512 f21b9b45a3b8b079c26568962559d56377fe0cbefde287f4fb763c8fd85df72220858bca598dcbaaa47c0fa23ea9c4ed90375a40d6a55ca062dc373cfbe80c6e

C:\Windows\Installer\MSIF122.tmp

MD5 a3ae5d86ecf38db9427359ea37a5f646
SHA1 eb4cb5ff520717038adadcc5e1ef8f7c24b27a90
SHA256 c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74
SHA512 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

C:\Program Files\Koalageddon\runtime\legal\java.prefs\LICENSE

MD5 16989bab922811e28b64ac30449a5d05
SHA1 51ab20e8c19ee570bf6c496ec7346b7cf17bd04a
SHA256 86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192
SHA512 86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

C:\Program Files\Koalageddon\runtime\legal\jdk.unsupported\COPYRIGHT

MD5 4586c3797f538d41b7b2e30e8afebbc9
SHA1 3419ebac878fa53a9f0ff1617045ddaafb43dce0
SHA256 7afb3a2dc57cb16223dddc970e0b464311e5311484c793abf9327a19ef629018
SHA512 f2c722ae80d2c0dcdb30a6993864eb90b85be5311261012d4585c6595579582d1b37323613f5417d189adcd096fa948e0378c1e6c59761bf94d65c0a5c2f2fd3

C:\Program Files\Koalageddon\Koalageddon.exe

MD5 f3fee249c9335225e3af98f11d805f34
SHA1 1d5065a559c156c11caf81ebfa9f3366caba76b2
SHA256 edfc0e68e302b33410c0bcddca6bd2112f0816861cc9360e22b80c0004852e24
SHA512 f0652631f55e2530ff6e4b5462a48df7109a1969f14af8c9778b413fea84a0113e30c9281ff772921a981d45e8dcb9150d141cbc9b33d0fb98d3fec7a62e4896

C:\Config.Msi\f76f069.rbs

MD5 74c3ff85708aad0144a23f9d5f63ade5
SHA1 d95c57e7f810b0602e044944f0a3fd024e20d50d
SHA256 13283088a9904dd4d3e4dd728274b5af05fac51b6f759d415a6a5c36d47f3dd4
SHA512 54fb9244267bc3f6bea173e27d4456a6f9c34e624f761a2b05e20c20956be044621d2114941172512eefd0911783154ab90f7b2adcb0b9a9253368de569794cd

C:\Windows\Installer\f76f067.msi

MD5 155295f8dbaae190dd34adadecfb302e
SHA1 c720229eb480dadd40649a2447b3e618a83d568c
SHA256 793a6b5980872bc0c16c53ee550f860b90e8955fbbf2f0bd15734e05e9b4c3b8
SHA512 cd6d4405bf387faa538426a2cfefdecd4c7f3a649f4cfce1eab85cea22a345f304525d222a48785528b7e19f83b76a536a1895e3f32ea8153d93ddae29850dd7

C:\Program Files\Koalageddon\app\Koalageddon.cfg

MD5 7aa4849ccca139f773ec9600939d134a
SHA1 6f564bc8ff510a34f122c3a003720b7d74fb1040
SHA256 f531d92293ea94b05f5ea513a4e716b7cf1bf16f423ecae8a56463785e368f0b
SHA512 3a21add2eb783318bc9080a60a3b9ccfe511f38dec322da5c75b134d683c531cd103395e754370c4beb43afc36e89f35d0d5d930e6bf2069522b71b277c5c9c1

C:\Program Files\Koalageddon\runtime\bin\jli.dll

MD5 3a315274152a0ff52027c0ba0a960a21
SHA1 e3ebb1bb6fbacbb12fd9f6231d950666f2e5a034
SHA256 4a40a3a94d69ae05a2d31143c3877ff4ab5bb497445324d1bd693998e0b9ef24
SHA512 9705a7cdc86ee88b64235f4d9362c7b4e610367598ac4f4617a9761675c229b3ad94ecbd321e48718f14fb09419545c01ac975d5e577217a1a2ba85723c6c5b9

\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-runtime-l1-1-0.dll

MD5 f1a23c251fcbb7041496352ec9bcffbe
SHA1 be4a00642ec82465bc7b3d0cc07d4e8df72094e8
SHA256 d899c2f061952b3b97ab9cdbca2450290b0f005909ddd243ed0f4c511d32c198
SHA512 31f8c5cd3b6e153073e2e2edf0ca8072d0f787784f1611a57219349c1d57d6798a3adbd6942b0f16cef781634dd8691a5ec0b506df21b24cb70aee5523a03fd9

\Program Files\Koalageddon\runtime\bin\vcruntime140.dll

MD5 7415c1cc63a0c46983e2a32581daefee
SHA1 5f8534d79c84ac45ad09b5a702c8c5c288eae240
SHA256 475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1
SHA512 3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-heap-l1-1-0.dll

MD5 8906279245f7385b189a6b0b67df2d7c
SHA1 fcf03d9043a2daafe8e28dee0b130513677227e4
SHA256 f5183b8d7462c01031992267fe85680ab9c5b279bedc0b25ab219f7c2184766f
SHA512 67cac89ae58cc715976107f3bdf279b1e78945afd07e6f657e076d78e92ee1a98e3e7b8feae295af5ce35e00c804f3f53a890895badb1eed32377d85c21672b9

C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-string-l1-1-0.dll

MD5 9b79965f06fd756a5efde11e8d373108
SHA1 3b9de8bf6b912f19f7742ad34a875cbe2b5ffa50
SHA256 1a916c0db285deb02c0b9df4d08dad5ea95700a6a812ea067bd637a91101a9f6
SHA512 7d4155c00d65c3554e90575178a80d20dc7c80d543c4b5c4c3f508f0811482515638fe513e291b82f958b4d7a63c9876be4e368557b07ff062961197ed4286fb

C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-stdio-l1-1-0.dll

MD5 55b2eb7f17f82b2096e94bca9d2db901
SHA1 44d85f1b1134ee7a609165e9c142188c0f0b17e0
SHA256 f9d3f380023a4c45e74170fe69b32bca506ee1e1fbe670d965d5b50c616da0cb
SHA512 0cf0770f5965a83f546253decfa967d8f85c340b5f6ea220d3caa14245f3cdb37c53bf8d3da6c35297b22a3fa88e7621202634f6b3649d7d9c166a221d3456a5

C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-convert-l1-1-0.dll

MD5 4ec4790281017e616af632da1dc624e1
SHA1 342b15c5d3e34ab4ac0b9904b95d0d5b074447b7
SHA256 5cf5bbb861608131b5f560cbf34a3292c80886b7c75357acc779e0bf98e16639
SHA512 80c4e20d37eff29c7577b2d0ed67539a9c2c228edb48ab05d72648a6ed38f5ff537715c130342beb0e3ef16eb11179b9b484303354a026bda3a86d5414d24e69

C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-environment-l1-1-0.dll

MD5 7a859e91fdcf78a584ac93aa85371bc9
SHA1 1fa9d9cad7cc26808e697373c1f5f32aaf59d6b7
SHA256 b7ee468f5b6c650dada7db3ad9e115a0e97135b3df095c3220dfd22ba277b607
SHA512 a368f21eca765afca86e03d59cf953500770f4a5bff8b86b2ac53f1b5174c627e061ce9a1f781dc56506774e0d0b09725e9698d4dc2d3a59e93da7ef3d900887

C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 972544ade7e32bfdeb28b39bc734cdee
SHA1 87816f4afabbdec0ec2cfeb417748398505c5aa9
SHA256 7102f8d9d0f3f689129d7fe071b234077fba4dd3687071d1e2aeaa137b123f86
SHA512 5e1131b405e0c7a255b1c51073aff99e2d5c0d28fd3e55cabc04d463758a575a954008ea1ba5b4e2b345b49af448b93ad21dfc4a01573b3cb6e7256d9ecceef1

C:\Program Files\Koalageddon\runtime\bin\java.dll

MD5 aa069d2675ed9415ed03ec50618613cf
SHA1 ecdd5d910052006c1a98f51d927fe048739776e9
SHA256 66c02525e5ec60e0d74b4225ed6f7d85c778d774f298b46577aea82b369689c1
SHA512 55d3f64576e6e4bbbe89082b347161a8f8d67d4c0fb0a5104286bfbb4a822d8a8e88c7c161ea3db703032065cf716328fcc3db4acd4637c6157cef712977f845

C:\Program Files\Koalageddon\runtime\lib\jvm.cfg

MD5 7ce21bdcfa333c231d74a77394206302
SHA1 c5a940d2dee8e7bfc01a87d585ddca420d37e226
SHA256 aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0
SHA512 8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

C:\Program Files\Koalageddon\runtime\bin\server\jvm.dll

MD5 89ad37a2cce32eec711b1df655ce4b8c
SHA1 1fa554d4382696eae8c2523990f3787598a22a24
SHA256 13bcca0624bfb0e41d684a97e50ca07479cb12c6643f61fadf72985688c7a6d1
SHA512 e09a135b86ea9d4778c31ded4a27210114a9db26fdb3085568c70064fb0fa2e8e1903a7286ff7df5025fb8b6fb02af960689fdb6f60820a023b2ae64af5497e8

C:\Program Files\Koalageddon\runtime\bin\vcruntime140_1.dll

MD5 fcda37abd3d9e9d8170cd1cd15bf9d3f
SHA1 b23ff3e9aa2287b9c1249a008c0ae06dc8b6fdf2
SHA256 0579d460ea1f7e8a815fa55a8821a5ff489c8097f051765e9beaf25d8d0f27d6
SHA512 de8be61499aaa1504dde8c19666844550c2ea7ef774ecbe26900834b252887da31d4cf4fb51338b16b6a4416de733e519ebf8c375eb03eb425232a6349da2257

C:\Program Files\Koalageddon\runtime\bin\msvcp140.dll

MD5 bf78c15068d6671693dfcdfa5770d705
SHA1 4418c03c3161706a4349dfe3f97278e7a5d8962a
SHA256 a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb
SHA512 5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-locale-l1-1-0.dll

MD5 dd8176e132eedea3322443046ac35ca2
SHA1 d13587c7cc52b2c6fbcaa548c8ed2c771a260769
SHA256 2eb96422375f1a7b687115b132a4005d2e7d3d5dc091fb0eb22a6471e712848e
SHA512 77cb8c44c8cc8dd29997fba4424407579ac91176482db3cf7bc37e1f9f6aa4c4f5ba14862d2f3a9c05d1fdd7ca5a043b5f566bd0e9a9e1ed837da9c11803b253

C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-time-l1-1-0.dll

MD5 1d48a3189a55b632798f0e859628b0fb
SHA1 61569a8e4f37adc353986d83efc90dc043cdc673
SHA256 b56bc94e8539603dd2f0fea2f25efd17966315067442507db4bffafcbc2955b0
SHA512 47f329102b703bfbb1ebaeb5203d1c8404a0c912019193c93d150a95bb0c5ba8dc101ac56d3283285f9f91239fc64a66a5357afe428a919b0be7194bada1f64f

\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-utility-l1-1-0.dll

MD5 dbc27d384679916ba76316fb5e972ea6
SHA1 fb9f021f2220c852f6ff4ea94e8577368f0616a4
SHA256 dd14133adf5c534539298422f6c4b52739f80aca8c5a85ca8c966dea9964ceb1
SHA512 cc0d8c56749ccb9d007b6d3f5c4a8f1d4e368bb81446ebcd7cc7b40399bbd56d0acaba588ca172ecb7472a8cbddbd4c366ffa38094a832f6d7e343b813ba565e

\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-math-l1-1-0.dll

MD5 a6a3d6d11d623e16866f38185853facd
SHA1 fbeadd1e9016908ecce5753de1d435d6fcf3d0b5
SHA256 a768339f0b03674735404248a039ec8591fcba6ff61a3c6812414537badd23b0
SHA512 abbf32ceb35e5ec6c1562f9f3b2652b96b7dbd97bfc08d918f987c0ec0503e8390dd697476b2a2389f0172cd8cf16029fd2ec5f32a9ba3688bf2ebeefb081b2c

C:\Program Files\Koalageddon\runtime\bin\jimage.dll

MD5 bd60efd008e48bb99caeac946ced792e
SHA1 855d278e7ca1c1e918bd5f32c2a3fd8772554f52
SHA256 fc2be5399a034c07beb51270471144eedecc5068139b7ae2a7dfff7719b19746
SHA512 d66a0095c57a521537dde53b4c3d730a719f91d41f51f1eb7efd666f5dbc00b9837e7ff28dd05cf3a8a2310a51083e3be044fd126840b0ddb885ff3e0edf5344

C:\Program Files\Koalageddon\runtime\lib\modules

MD5 c2ee0e3826328a754236745993350b24
SHA1 11325146dcde886025029df3c23f801c7776ecbc
SHA256 cd381ab9beb6d19f34509b8f9b444b23bb1a01499d65617cfe7b3534668c9696
SHA512 0fb52de03a9d566a92a7f53dc4edb2c878885c1b3f6b147150f1a4620316c9519cef83ce8be7df79a31ce4f44dd5fe2f83685bcb2809140ac904f58ee3afe45a

\Program Files\Koalageddon\runtime\bin\nio.dll

MD5 cf63016b7c60c45d7707b8aabb705ce3
SHA1 3d4067d14260cd816a52e3640774d1fcd8bd64b7
SHA256 b92a5e3024e1c05427cbdc593deaef2473a74d7baf4c5d98063ce6e98bd0a619
SHA512 d84a0d7ce7d5ebc59f17aced76b2aa12f924f9a823f776da49f7099b4f2c3828b737be0001e47486aca9eb70363d9cb9068a1d75524853d0792d71874ee3ca62

C:\Program Files\Koalageddon\app\bcprov-jdk15on-1.66-fd57b228172782ae6a73d22a7ac9b45.jar

MD5 318201d533696e9c309e511e0bb5dd4b
SHA1 d74788b1c608eeaa7b18c9dc306d0753fbfe80d9
SHA256 46c5d19ca0d4eb406b902a35bc35fe4d522b85d5b7505c361662de044611b485
SHA512 e6c1ec7b120422d7ea3a117191558672747ebee3d35aca923de4013c754397a4a24e9ec3f97a66afc36bea75627d9634eaaa44fcd6da80f1177d1623cd03ea59

C:\Program Files\Koalageddon\app\bcpkix-jdk15on-1.66-a5b13435d46cb52abb0a47feb77e5e.jar

MD5 99770ff0bbe41caaa6b4bcef9a81373d
SHA1 ea5589b94b94cb3365d48adea38f83a00fbb9b4e
SHA256 9cab2d6a97fc75e319d72fe6eb4fe207d4a4435b4140f47b41156b38c0863a62
SHA512 3e54afae3f043b0332eb263064e076da3ae791876fbe1026c01c6193244466a507ae53fe1b64e88ea58fab9bca01db2afba27ba17313e18f06b7dba8e8c5c868

C:\Program Files\Koalageddon\app\atomicfu-jvm-0.17.2-d6b6f3a195696acf1828b1f125125ed7.jar

MD5 123c23839aea1dac0ce76999f987e0a1
SHA1 f157876b2e8c240cccefd78f8a264248fc85f51b
SHA256 128affe73bb8a99351f93b1eeebc3825005df8c241b9a47498f6c64e26d039a5
SHA512 5cd50ce7d9ce01ebfb471cf8020bc3871a3afadba1c24c48e72241c4e4b6525b185362bc6462b4adf7c65e2d80cdcaf7bd9c3c49312bb584caf12528903c4013

C:\Program Files\Koalageddon\app\asn-one-0.4.0-d3153e6fec8296ebfbc8936fdcef775b.jar

MD5 0ed44204e268b6f70e32f1d02e117619
SHA1 74cb25517d18757a664ed9d3dee6aa2b76c45ab1
SHA256 97b97c88f7e87413912bbc3f0588b955b49589f65f88e2d5b5add5ddf3ec19c5
SHA512 32e9c6077e18fd7aad128620dad4c307a72b37a6d01ff8276e378090c5c2b95939da971d2b6c190ce61af9e640c499fdb252f5657b7f3ecd454b4706b32c363c

C:\Program Files\Koalageddon\app\appdirs-1.2.1-accf8bf9c4a91aee4c715d66240d4.jar

MD5 96d905e3b90a53543f2cc5a0654dfee4
SHA1 a5aa1999ebf5c053d497cd58b9221fe8823d6d6d
SHA256 1c3e66c853a6c508814201e28e6a8687576f4a78cdddfdf2febf7f447dd35ffb
SHA512 173a7b21017f7a16138ebba12f18f8df543d8f75da4f770dc37bd40ae38de74c8240fa33de4178d5344f984e08e151399d00c495accfbe588f72d3381d3e483f

C:\Program Files\Koalageddon\app\annotations-13.0-f4fb462172517b46b6cd900358515a.jar

MD5 220caeb4af9453baa13b3beb95405729
SHA1 8539b6d1de27a81dfa5f76099d210205c8126de0
SHA256 21c62075d4bb3f9a0938fc8ec838a717498a2d947ab9949bf2ca024a574a93cf
SHA512 54b719a33cb3164b51b0397bb19a307c9f4f863d409d5fb3051cb5f059c22396e90660d2c14cb77f0cf462cba73f2c60416eb53edf84d2c880463e81d3087d8f

C:\Program Files\Koalageddon\app\animation-desktop-1.3.0-6ed1e4ad7942e528b3f2af8cf36d32d.jar

MD5 ed7365b40630845605a1748e57f1121b
SHA1 f4205490f8f0c53466115f8a8aa459b4f1995eca
SHA256 ae6e222389babc212b96d0582b55a962a52aa249acfcd96bc60629614e807efb
SHA512 626945d618ad48d8410d0a04890a34ea54465651fb42f30074a41b4abf371589793bfa705603fb1c7d4d161c76dda3785dcd80a90363829eb657f7f4e24dc905

\Program Files\Koalageddon\runtime\bin\zip.dll

MD5 ade1f943087e19c5085ce31125f585b1
SHA1 9f6021d049b09008be221cc1721ea5d12d3dc877
SHA256 090ac3d37609f9717861dfb4535466fb1ff48b2213b837ddc3777f9c8d960d1e
SHA512 f3ed6bfd4614574e300b46545c3e43a73d363c252539a0efbf2bd9e2e8921029b0233a7f67f689dbb967eb648c88c0b012944841a4c3e11aad8d4eb66822857f

C:\Program Files\Koalageddon\app\animation-core-desktop-1.3.0-e4e0deec43a1fe5e167c411ddc9bf385.jar

MD5 5a520c626b84462f370e0fcfc41372b0
SHA1 eb8fdc5755bfedd507c7f9c18c42b5da0e4ef484
SHA256 a81f21bda4c67d075934506f7b738b909bb5fbaad9be5d91b000f7b440dee0ce
SHA512 2586584a5659fc130148e34d7fb196c3d87dd778efb4ac0b9863ea0a17d4d20cde17a514dc42e59490af45ffcbf48eedf3611036adf57b1984aa966da13412aa

\Program Files\Koalageddon\runtime\bin\net.dll

MD5 b4e840ed1c5dbca49f34028137fb3178
SHA1 98f24cac1b6f8b86ae24efe532720b5256e635fe
SHA256 e0e567586af9eab9f95b6d84b60fd2785e38e202908ca62579d0fa7261a65a83
SHA512 63610e17bf0a2b357e4bed5f78c2e6449ec4d498e70025ff37a8f80362d41e50cef6c4197b3b0eda6f842a8fa90e0e2f88dd59ff0eda1632f17137b5c852365e

memory/1756-348-0x0000000000290000-0x000000000029A000-memory.dmp

memory/1756-347-0x0000000000290000-0x000000000029A000-memory.dmp

memory/1756-433-0x0000000000290000-0x000000000029A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Temp\Cab30F2.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar3114.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f6fc20146475b06f061e87342176dde2
SHA1 562e4ad06dc6bfbeaae729d86e18bf81edfc16c2
SHA256 bcae1b44a32a9a42959eea0762b8b2a9c2b38bf77a604105b056067c7ded9f70
SHA512 ef8d63b86dfb1f94792392a85305141e5b3efddec6513953d6d85d6c98c60d6810ff4178bc9edb1fcde3277cc60a15cdb009e8ca7adbb9e74379fa839bc73c3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d1b26a704f570a1b033a9a0ec27dfdbf
SHA1 8b837e38801ab06612ae10f7d563d227e3d27763
SHA256 e672eddadf98cc4a9102749da4ab6d83606e2208e340d986d3c2da3735008a49
SHA512 fe0cc8c522920fc573f3214a84d64b5662f47bf6066c5529d2799ce80f95424db7d11b5dc88c8e657691738eabdc6da9167ead7bef10f43b45ce3bb3f228422b

C:\Users\Admin\Downloads\download (1).htm.crdownload

MD5 a153ed21693bec1c527c94f05f9641ea
SHA1 98ee303675feaed8ab08d4d51450c38d6d1e9f89
SHA256 c6a987ffdd0c8dd504f2c957c0b7e00c896a037ed55d07d648d515cf3240dc59
SHA512 b832c9b4cca5da6f4195eb32580476072ee62a19b711720882e863333573a2979189a97d438506c56193d241bd5709e79045599f218918266570d3e4ab902eb9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c0f16950013d3a46db5ab2f977562c7e
SHA1 a647416310f28f682e79279169a1f80d2a6a3725
SHA256 62284997ac6da13dbab6365e87cd2ceaf9f20b2138087a49d176985243be3145
SHA512 2e6b836988063202006dbde2fe48e73a1c63ebb635a01cfe0a57cd4945084591b6d052d5312962e44cf8334e53b6397ab593efa4cc9ac73ef2a27b90b67ccfe9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 49173abc4f1f25228cbd77cdf049a6b4
SHA1 931ef1bf3850f0e26697d8a9ba84ce9b655e1f91
SHA256 75452ef85543cac4ca11705be5e1851bfa2cc7ba317ec944e53b2238cf05bbbf
SHA512 2c88503364fb5a3e764c61e18800972a2fc9bdc50a4fcbf0714846d410db923f4353c724f4c23781b01e77fcc80a33fd76ac41d56c54ed442e7beb439bb3ecb3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c141f5e87a58cb793aa0f79106f1965f
SHA1 c8275c719ec31bdc9345bc48ba23c25a6d481786
SHA256 3bc9e5e84b479b0dc395a5b7ea2e95a9edbd8447319fe9211e47e2054e4d448d
SHA512 0a602515af4216dd0dc23528d545f0d2c8dae78426f37f847668a090b0e01591007feff1e8f082c6e6c194b3ccc11673afd54d79b15a06d98217e0cf906fdbc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0a87e14d5769e1783485940af8d80c19
SHA1 51d378ded3d14b18cd225778974b4b98836bc65e
SHA256 4fe11dbdb3966bf150c70d34e718c04c434d0dcf539476e38638cf17e9553404
SHA512 d8a699d920896feb877ef242d334638241c36512d0478731513fcf6d2d9e3b99d91de0f877f686548345becba16a60770196a3a5686aaae46c88c892f872b3f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5a0354ebb9f884157c96713e0f46424c
SHA1 1a4841d61fb6c67538d9db900be414d01d830760
SHA256 6c317119d4811372ca9a91ed88bfea4b76c7c26470486b205cd18fb557486589
SHA512 af9575be929c545a3d245265628b15c24df03944a9bbb7339f567bf2edf145761959dda4bee9cf27d3457b3abd0c28eb654d8a47a337c451c1c783f982923b05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 0de1096411b23f842fc5b77e1a8f583b
SHA1 b925a681867ac101b8441bf6a529d6ac1e3c8acb
SHA256 082e648875ab240bcb7d0120319d7ba61addfa99de84ccfde03d2f81bdda9929
SHA512 282e1fa329824a9383601dc81d5ee4301a4e301e7ab3fb129b106eaaac972a68287d12cf691a967c547a2b5111a372d62794482d8895275ed7a5dc216a852e5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 9fa060a599b0ee1912f2073ed59df3c8
SHA1 eaaeef616747d09506c6ed1d96901d2c8d1ad4e0
SHA256 7924474a8f327264982347dc932997ed49890ea4114925024ba678fba2d4e90c
SHA512 93837c0d1bf848ff603073bce6ac252f770a35fad094b294609682e11b04b463292c74c8440891e89741f28fa67a888ed6fdc1575fda99a3c2b6065ccc4e7b47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 aa3794adfd20428fe34118f03bc93592
SHA1 591db28eb78acf0ee9fc1855a1bc45d038169855
SHA256 141849b5f1fabee6f3612317c0df48485ead9bd6147c26a04668061fcb643530
SHA512 699c10405d2fa42569ce3058e578c54c6da13e68a68484d4988101a55ecc044ec312f5409a5fdb3b33fe2f9cd9d94c20459c0aa4b05482a9273e2dcf405c115c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 c9e90bc8ec6a09d8a69f4a4dc6fe8b6a
SHA1 f099ace175891bb8b81eea2595bf8de8027bec6b
SHA256 8fa6b37e750ce1df8e880691ea6dcd4aa922b55a722aa0b1df8ed6302aaf723e
SHA512 c4bda62806935165c94191234b8782408876f1336279a26d58ab3a75f41c51433ad24516c0354a8a047c1e743c4fbb8989938b6a1ff29ae0585b3fd08230a497

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 585d504676687dbe72abd522e20a8834
SHA1 055c34a5c78bb8d26ffc956df3db2ae716ef6f78
SHA256 fcf9ce4166770f6622b4fb6d065847572d02224afeddae4c1a87ced5731ccd3c
SHA512 713bdc9d79aaa5590db232a1302bbba88a5f24df2e6f3a79b877fd180d3713b20417e97e5480124d7a1caa19708c37d4e615b300adf732f5e365cc75972a2ddb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 e13edde4a25e96e573f37bdd11e020aa
SHA1 84a0c3cc6cd74b149cc27de2b0fe48bc2acb70d2
SHA256 45b526e6aa5356b278aa37e67593a25d09c9653e8a0e71fb8e155111d3b7a515
SHA512 9ba4cce47994f949731e594538f56f423ee46a8e602fe922ab6e1d173b87831ae5a80d967d695fc45a08b25aef5c494518b43cde6b4709db690e904b2cc1c053

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 2d64caa5ecbf5e42cbb766ca4d85e90e
SHA1 147420abceb4a7fd7e486dddcfe68cda7ebb3a18
SHA256 045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f
SHA512 c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 544a6e4b1b34c5132739a0d2ba39b18d
SHA1 683d474bf1ef4998ae5e37bdd219f34f15a12eb5
SHA256 369ca10d1b319a8fb94a6cd6143f4a524833faec18688d733508dd2c4f6db7e1
SHA512 efa73011d5933b27c23282e0e3caaaec3485d6db3b92212106fa6636b18365704904e7cc444a8b51d0e32d3a29c13e1bc2dc296214c492675b912de85824d4c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 57613e143ff3dae10f282e84a066de28
SHA1 88756cc8c6db645b5f20aa17b14feefb4411c25f
SHA256 19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14
SHA512 94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 cc039445c6c92d32fb74a942a2876d71
SHA1 71cc9c01cf705b61ba163bceaa62651865ef5ee6
SHA256 1a71cffdaadd8f15a6268dfd76f3524409eb5fbad791ce30def403ea13a373a9
SHA512 1834c2c6d6529e69746be6ef8b441997a7e05b00303b10cd2dbc16b0d18cf89a6ead9fb943732f56f7f9b74e347b1bb889a71f08baee17b6b69afbc7350311ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 b507567f09861406425726176430b282
SHA1 ef31ff9a5a918797c76752018a667e29e415e580
SHA256 4390634070a440bead4ea3dc609984097da973983ac140b094149b4bbed1349f
SHA512 23e8a4e14a2a8608c817b88080fabce226ef7c280f5c87baa27780dc1307d60f75d215a91c3de6651f17e6df71219b3e51f2665ce9553c71f427a38e7c81d65b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

MD5 d45f521dba72b19a4096691a165b1990
SHA1 2a08728fbb9229acccbf907efdf4091f9b9a232f
SHA256 6b7a3177485c193a2e80be6269b6b12880e695a8b4349f49fccf87f9205badcc
SHA512 9262847972a50f0cf8fc4225c6e9a72dbf2c55ccbcc2a098b7f1a5bd9ea87502f3c495a0431373a3c20961439d2dae4af1b1da5b9fade670d7fcaed486831d8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

MD5 ce6bda6643b662a41b9fb570bdf72f83
SHA1 87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8
SHA256 0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6
SHA512 8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 f222656f7796794674f732c474a033ac
SHA1 cea879731968ace9befe205c55679924f033464e
SHA256 2d9259afe79e20ac65865133ee69f28563201da61bbd8142cd964fd0097170d5
SHA512 9a2b31a325d8030a2aa6b5a932a8c56476a7bf995ac61d419e81477a0c7ecf5e92d5d4884a3d3fd9a67bd33dc619665d5e3bc05c3784c3bc51333abe4332b449

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

MD5 6168553bef8c73ba623d6fe16b25e3e9
SHA1 4a31273b6f37f1f39b855edd0b764ec1b7b051e0
SHA256 d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66
SHA512 0246cee85a88068ca348694d38e63d46c753b03afadf8be76eca18d21e3de77b495215ed2384d62658a391104f9e00df8605edb77339366df332c75691928efb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 757750902210ff3c0d12dee4dc5165c6
SHA1 a3599ca4bd5da9fb9c83e26813ef62327c541566
SHA256 72ff7d67ddc7bd23885cbba07f3889be27b50cb597ba41fd546343416676ba67
SHA512 ef5cb66e561d5f208a872c65b6732bdaa082d421f9815c8a5a439d5e749890e032c2309c1d7ec66d93d1f897941bb5e2c5f860fd9cf8e13adfbf1ab60aeca27b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

MD5 56f52dd9560ee8ba83285a6a1f1fe8c1
SHA1 a4ef79a25f44c3cdd064e81a3bf7cd0ffdb6bda0
SHA256 2396ec52c9324a26c7e9871d5e22b2671b33378563c68e86b84897407a8bb665
SHA512 9cdf26985f66103930c3ac2c913c1019160d1268d7b80272483685ff42196428fa854a019d38da30488c44a4100002b7fec36717bc85d020c0d72771c5a2f429

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

MD5 4d9ecc70dde56858a3451017cd7fd8d9
SHA1 88189cff695c454384884888ea46d9c11060c811
SHA256 e10acc2425b736f904ca0ec762a77b516ce7cea7391354841199e55750eee287
SHA512 dccdf161353e3fbd904b63f646ebf616e9eb977d23933575a307336aed6bb044902e11dc5990aa217f7b8cc16e190a968fc9077fe74f335c195c72de46c6f60c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 3c056e8e74a88874e293547911ba706f
SHA1 fc8d54feef9863e346fba55d897bd3c44b9cbb48
SHA256 b895edff081369f33e0600ef5e5d3098b7d0f258d0c689802f9165001eda6bdd
SHA512 b3826f0201e9eccea56153a1e82ab49e6a63a0b995a64d69a72e9b0b422f8b37083a0a242f99bb08dc27e29ca4f73f2864b71ad6c9d076add1d4752c62e1b245

C:\Users\Admin\Downloads\Unconfirmed 614614.crdownload

MD5 25d6184031a11d575dee007e3490aa08
SHA1 8409fc3e1021a0394840f4db3033be88c9d44e88
SHA256 cb0fc3d1832c0469b14dfd0a2a4479137cef45e09697bea4b2ff47bce56dd568
SHA512 9af65a3d2da859007746032045314240bf3e761e136251e75d36fe97cd8469e2c9715de91be1ce8a512e278054d55a6a57b5cf91d5ca9c17111908c16a6d8ea4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 665314924b00c966fb2a4c73d9107d60
SHA1 13c053d5dfe2e2824851b1c08e7592eb416807c5
SHA256 5c53236bf52397a173fc1567c51184cdaf31816fbffa74d77e7c30e469e8fd2f
SHA512 dc05a6f9df74f5cbab0e6082325b72fbcaaadc2a14fa66e216a4ac25a9cb55eaa8099bc1514a8b8cf1f54e43ef24e3b15956674f4f41d8177637527cbc4464db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d5e4d965e0eaec3130da53fa49b58388
SHA1 216030912f32fcef171303e5c0bf51a287e4afc8
SHA256 319f6048b031b1bacc30abf4add35ded0e6f8df6fdd4ed4586322231b3632447
SHA512 8297d6245102a88bbb1da02d553ef7b33eaade3c8c574f15fe445d98fc5f7db4f7dc8c847592562ef2f506c9d29e7e0d3b48a47e380532f52a7c84b60b2984e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 334e2b93f9c4f331ffc19d2e475bf788
SHA1 f3453427483c5ca331b8eef438b6a5890bb737e0
SHA256 2debc7df1ad0c1d7349236008486638f6498da4c4fe9a175f9433db8e80e2f61
SHA512 ccc3b3f8679f89bfeb415bd996adcaaf2687037de41635f5e754c0272d8ddebd6d4756657722a64be089a43a457fedab41a4c615b85fc3818f4d556d382effd9

C:\Users\Admin\AppData\Local\Temp\nszBC4F.tmp\nsProcess.dll

MD5 08072dc900ca0626e8c079b2c5bcfcf3
SHA1 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37
SHA256 bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8
SHA512 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

C:\Program Files (x86)\Steam\Steam.exe

MD5 33bcb1c8975a4063a134a72803e0ca16
SHA1 ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

C:\Users\Admin\AppData\Local\Temp\nszBC4F.tmp\modern-wizard.bmp

MD5 3614a4be6b610f1daf6c801574f161fe
SHA1 6edee98c0084a94caa1fe0124b4c19f42b4e7de6
SHA256 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b
SHA512 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

memory/2424-1269-0x0000000001F30000-0x0000000001F32000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nszBC4F.tmp\System.dll

MD5 a36fbe922ffac9cd85a845d7a813f391
SHA1 f656a613a723cc1b449034d73551b4fcdf0dcf1a
SHA256 fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0
SHA512 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

C:\Users\Admin\AppData\Local\Temp\nszBC4F.tmp\StdUtils.dll

MD5 db11ab4828b429a987e7682e495c1810
SHA1 29c2c2069c4975c90789dc6d3677b4b650196561
SHA256 c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376
SHA512 460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

C:\Users\Admin\AppData\Local\Temp\nszBC4F.tmp\nsExec.dll

MD5 2095af18c696968208315d4328a2b7fe
SHA1 b1b0e70c03724b2941e92c5098cc1fc0f2b51568
SHA256 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226
SHA512 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

C:\Users\Admin\AppData\Local\Temp\nszBC4F.tmp\nsDialogs.dll

MD5 4e5bc4458afa770636f2806ee0a1e999
SHA1 76dcc64af867526f776ab9225e7f4fe076487765
SHA256 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0
SHA512 b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b9bfd019c748a9a65ebf88c1d525996a
SHA1 926d8009b8a0146f3f23da30a695af34b174d84d
SHA256 2798cc7a24b520fe7768a5c37162cea5e6cb85e611bd09941bb4bcadc90988d6
SHA512 9388d8e4a3ff8840d5d9bdafe2d10a2b6228cfb3eca4d2ffba65b7b89fde869b5ba59e9cd2c19a6fd4c3afcdcc2621fb29551bc83389c60d3d53b69e24c0bc9a

C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna12849246571864047069.dll

MD5 e02979ecd43bcc9061eb2b494ab5af50
SHA1 3122ac0e751660f646c73b10c4f79685aa65c545
SHA256 a66959bec2ef5af730198db9f3b3f7cab0d4ae70ce01bec02bf1d738e6d1ee7a
SHA512 1e6f7dcb6a557c9b896412a48dd017c16f7a52fa2b9ab513593c9ecd118e86083979821ca7a3e2f098ee349200c823c759cec6599740dd391cb5f354dc29b372

memory/1756-1323-0x0000000000290000-0x0000000000292000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 eb80c0884cf9e26e9d3d5a89f25df5d9
SHA1 107766dd566329b0c2fd3c89d6dc72b69603abff
SHA256 bb260b885f83464ff80f0cfc306284a20cec521b72bc9629cb224c9d34844d9a
SHA512 dd6ed34b306669b8e883abdbe5583a10827d3e1c3b05cc58a68a3f54173703f7ce93eca516cf7a4b707cdb23f5951e938b2444b47032df0f2c0cc5fb99e45e75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3b7c85f617591230f5bfa7e3f757ab8c
SHA1 030f441fc0aabca9f45b9a95447f5b685767459a
SHA256 f1f5007d7be661c4ba44cd16047561dd942bbcfa86d099d8ea8c4905814246ac
SHA512 26ba628a7aed8a74af35082545bf0fd700c655d99af47dd31a31eef322c35d9a2c7e5051bf680a345cc71727aa2b3025a718699b8c2be0a2431b1d51ab950a46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 169d34c7348c6408a64b8b7c0c2cb417
SHA1 ee30cdb061cd27747477bf971949136114d54a75
SHA256 b7b28bf40e67dc5e37a1140ddc6c9eebb1550ff5551f667928b6c069bbbe4591
SHA512 58e1d3d8d3e08e0336d9b52ee315070f11180d47008df67fa0a9e84e623b829f3f71543dc7152e5b8db345b5e49821291e32ac3d15440ad3d65302deda508735

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3b384bb9ad711abf25ff5fc23c4d6b51
SHA1 e8017350d16884e174f802dfb48d1c6afe8e0fc2
SHA256 fd79a197c61f1d59b891692f2c9fc69353da035934ab253509a9132284a7b480
SHA512 337d2c89c8efcbe0b95de81fbf2c1eee7efe33223848ad435627e85ecb7449026be349544d6df62d737c01d4ac261538378ac73041f890eff947e9902f25ac84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\698ec89c-71eb-43e7-a843-2afe7156e452.tmp

MD5 5993a33cdf776aa5f717a22d279e4251
SHA1 41241b7c262b08ed81088a5376d9532e4edd13c7
SHA256 0b0aaba0ed4d8792e47b5946a372e70eb827c9eb5072944594ecfe3793948cf9
SHA512 1fba4350a109f6c221ac8ef6821ac86424d594185986d9db6fc5049f05fab91d4311cf0b154e933c8df868c3087c1b9f04c14230d4103ec5ea6f150b0d55301a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5cc9ba472ebf37ffc54db438757e0c04
SHA1 a0e808b9bd105be5c343f53c44e37fd19073d830
SHA256 4f5e690256fd8823523898f1c9368943607e6cf0c77a03cd429336463364d679
SHA512 23f71f8e39acb8a056a6da8991d26033af41f2d6637a0f9d1f1620f08f05ce4d4a3666f83dd35fb0a2c8fb55183dc49793c67d82638634608ff3e92b088e681c

memory/916-1491-0x0000000000290000-0x000000000029A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-08 19:11

Reported

2024-11-08 19:14

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

143s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\wwwwwwwwwwwww.msi

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Koalageddon\app\material-icons-extended-desktop-1.3.0-e5efe76264bf6932939e16916c91c8.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.base\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\PeParser-3.1-c48591bef4ad95be5953db6129e5721.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\conf\sound.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\instrument.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\runtime-desktop-1.3.0-54ac464446fef98e10ecdf8b20442cc7.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\lib\security\cacerts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.base\unicode.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-utility-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-localization-l1-2-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\kodein-di-jvm-7.18.0-26df9a79e768686def3c0e922a815a2.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\lib\jvm.lib C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\Koalageddon.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ByteUtilities-1.0-2d2583acbdb74f5ed6981b74188115e.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-debug-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\Utilities-1.9-1743ef7c86228a5fc7415c35d339dfdb.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-stdio-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\skiko-awt-0.7.50-f6f802814e7d5cbaca365b09fcbf7b8.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.desktop\colorimaging.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\jzlib-1.1.3-386d3714fef534d21175d8885ae48bf7.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-convert-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ktor-client-content-negotiation-jvm-2.2.3-4a96a800692683a511d683fd9290.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ktor-client-core-jvm-2.2.3-10983389bcffa69d59376dc1a9121d1.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\kotlinx-serialization-json-jvm-1.4.1-9cd33c9b12c371a5d8934c97466eb70.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\conf\security\policy\limited\default_local.policy C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.xml\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.transaction.xa\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.xml\xerces.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\lib\tzdb.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.desktop\libpng.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\lib\security\public_suffix_list.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-handle-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-processthreads-l1-1-1.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\tinylog-api-2.6.0-8aeb70ae2327e4f767fa3d8d23fc41a7.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.desktop\COPYRIGHT C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.prefs\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ui-desktop-1.3.0-a7e94e2d777927f3ad9a25ad39acfba2.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\kotlinx-coroutines-slf4j-1.6.4-ee321dc6b1536bf3c2df8b59cb84e8f.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\lib\fontconfig.properties.src C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-filesystem-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.datatransfer\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ktor-websockets-jvm-2.2.3-3f5e2b16c8fd664048f4df7641eec6.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\kotlinx-coroutines-jdk8-1.6.4-9532e16578f95c1f9bb3d199fa1c1039.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\mlib_image.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\conf\security\policy\limited\exempt_local.policy C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-conio-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-private-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\conf\security\policy\README.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-process-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\lib\classlist C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\vcruntime140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\jimage.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\kaverit-jvm-2.3.0-17af38bb801a1e7f9991de1afdb3b4ed.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ui-util-desktop-1.3.0-8493905dc83f28d88ab0bc5efc673cb.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ktor-http-jvm-2.2.3-15a672e4d075b69214c65d1ffea69e.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\lib\psfont.properties.ja C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ktor-websocket-serialization-jvm-2.2.3-4bcc63cb07cb2c13a1775cb4fccf8.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-console-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-libraryloader-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\lcms.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\verify.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\prefs.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ui-unit-desktop-1.3.0-fa0f4cc64687b48417c78a5bf14718.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ktor-events-jvm-2.2.3-735dd3b1c28f8e74b5ca8d7d8be79.jar C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\e58555e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e58555e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI55EB.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e585560.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\JpARPPRODUCTICON C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\icon_1862387937 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\icon_1862387937 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{C71B00F0-5060-3665-A444-1BFFD31FA5F7} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI58AB.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\JpARPPRODUCTICON C:\Windows\system32\msiexec.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A

Event Triggered Execution: Installer Packages

persistence privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = [binary value not present in this copy of the report] C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0F00B17C060556634A44B1FF3DF15A7F\DefaultFeature C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Version = "33554433" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\550FE40B7A8BE324E8F68353EA49C3E4\0F00B17C060556634A44B1FF3DF15A7F C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\ProductName = "Koalageddon" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\PackageName = "wwwwwwwwwwwww.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0F00B17C060556634A44B1FF3DF15A7F C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\PackageCode = "EFEAD4423A6F1324DB76D9F43705B59D" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\ProductIcon = "C:\\Windows\\Installer\\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\\JpARPPRODUCTICON" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\550FE40B7A8BE324E8F68353EA49C3E4 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Media C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\wwwwwwwwwwwww.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 91B7D1F6F1E81C8D94677C0CFB9841D4 C

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding B9F894B0679FF38E0A2A8FAB6F795BDA C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 677844A9507AD9A986FE82C37D2831FC

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 246.197.219.23.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\MSI2BA.tmp

MD5 4fdd16752561cf585fed1506914d73e0
SHA1 f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424
SHA256 aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7
SHA512 3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

C:\Users\Admin\AppData\Local\Temp\MSI3A6.tmp

MD5 e76ab52d50197baddbc0d921e1d8eea5
SHA1 3789e237ad3b07ef43f4014e99099a0b43b1392d
SHA256 6e3dae02524f00ee37f33123f7fac943ed2a8617988ec4a667fcddb7764c634c
SHA512 f21b9b45a3b8b079c26568962559d56377fe0cbefde287f4fb763c8fd85df72220858bca598dcbaaa47c0fa23ea9c4ed90375a40d6a55ca062dc373cfbe80c6e

C:\Windows\Installer\MSI55EB.tmp

MD5 a3ae5d86ecf38db9427359ea37a5f646
SHA1 eb4cb5ff520717038adadcc5e1ef8f7c24b27a90
SHA256 c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74
SHA512 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

C:\Program Files\Koalageddon\runtime\legal\java.prefs\LICENSE

MD5 16989bab922811e28b64ac30449a5d05
SHA1 51ab20e8c19ee570bf6c496ec7346b7cf17bd04a
SHA256 86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192
SHA512 86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

C:\Program Files\Koalageddon\runtime\legal\jdk.unsupported\COPYRIGHT

MD5 4586c3797f538d41b7b2e30e8afebbc9
SHA1 3419ebac878fa53a9f0ff1617045ddaafb43dce0
SHA256 7afb3a2dc57cb16223dddc970e0b464311e5311484c793abf9327a19ef629018
SHA512 f2c722ae80d2c0dcdb30a6993864eb90b85be5311261012d4585c6595579582d1b37323613f5417d189adcd096fa948e0378c1e6c59761bf94d65c0a5c2f2fd3

C:\Program Files\Koalageddon\Koalageddon.exe

MD5 f3fee249c9335225e3af98f11d805f34
SHA1 1d5065a559c156c11caf81ebfa9f3366caba76b2
SHA256 edfc0e68e302b33410c0bcddca6bd2112f0816861cc9360e22b80c0004852e24
SHA512 f0652631f55e2530ff6e4b5462a48df7109a1969f14af8c9778b413fea84a0113e30c9281ff772921a981d45e8dcb9150d141cbc9b33d0fb98d3fec7a62e4896

C:\Config.Msi\e58555f.rbs

MD5 67821edaac5c56381ad787baadf0e816
SHA1 2485a097e755af0fda3328fdda6b6b569d46fec3
SHA256 38937bbb01dad6eb0c2d61038f2517c5a5f4959c41e9a7f3cd93e08ab0b00e83
SHA512 b67480f2dbba1dc606649439de11448e3dead49799e41e0e38588bcf792f9da104105a682dd42abeb81d947f455be4f95a362af8fd70f35aa920b2a872cfdd1e

C:\Windows\Installer\e58555e.msi

MD5 155295f8dbaae190dd34adadecfb302e
SHA1 c720229eb480dadd40649a2447b3e618a83d568c
SHA256 793a6b5980872bc0c16c53ee550f860b90e8955fbbf2f0bd15734e05e9b4c3b8
SHA512 cd6d4405bf387faa538426a2cfefdecd4c7f3a649f4cfce1eab85cea22a345f304525d222a48785528b7e19f83b76a536a1895e3f32ea8153d93ddae29850dd7

\??\Volume{f0eec59f-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{fa0af237-fa22-4767-8897-33b1ede342d9}_OnDiskSnapshotProp

MD5 3127d8513282c8ec6e389cced647296d
SHA1 8a9b84d777e23ca437fec3c3c5bb61c8485c0526
SHA256 a84d6d74f20724e97fe77fff0fd5d4aa2680966518c48a401fac5863fe4e561c
SHA512 b7e78151f3bcdaea5886194cdf17b7a6b14c8db9082da0eb63a2d95b2ab798a038a1bec3cacafa39afa81d99f44a2e6adceddfe5a4c7f73fda402f4abed2c983

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5 b11ae71d2247ed8db0de68e436fbf308
SHA1 37bbddf60cd9be1434445e78b8424d134af45cef
SHA256 765fa2319d41dee88724329d43872498b3d0ba045f13075d25d4e45f4e297341
SHA512 d981be27dec25fa9eff05b03cf4251bc930c48e46d5e100c6285cc06841133507d3f17631ae5a87f61dfe3ee88d377ae011bdcfd16e8bad412c30d83975eee09