Malware Analysis Report

2024-11-13 14:25

Sample ID 210822-5eeesr7pln
Target https://disk.yandex.ru/d/CorFoVL1X65cTw
Tags
echelon spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://disk.yandex.ru/d/CorFoVL1X65cTw was found to be: Known bad.

Malicious Activity Summary

echelon spyware stealer

Echelon

Executes dropped EXE

Reads user/profile data of web browsers

Looks up external IP address via web service

Enumerates physical storage devices

Program crash

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2021-08-22 10:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2021-08-22 10:19

Reported

2021-08-22 10:24

Platform

win10v20210410

Max time kernel

300s

Max time network

303s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://disk.yandex.ru/d/CorFoVL1X65cTw

Signatures

Echelon

stealer spyware echelon

Reads user/profile data of web browsers

spyware stealer

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A ip-api.com N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3156 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 2788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3156 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://disk.yandex.ru/d/CorFoVL1X65cTw

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ff844514f50,0x7ff844514f60,0x7ff844514f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1504 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1804 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2820 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4832 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5744 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5884 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6020 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5872 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6056 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6032 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5872 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6052 /prefetch:8

C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel --force-configure-user-settings

C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7aa77a890,0x7ff7aa77a8a0,0x7ff7aa77a8b0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5720 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6044 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6204 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5820 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6596 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7416 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7292 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7340 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7344 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7372 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7280 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7408 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7364 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7316 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7704 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7712 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7620 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8172 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8444 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8596 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8608 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8624 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8652 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8664 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8908 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8576 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8580 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7372 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9656 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7944 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9428 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1460,5790309675403519684,6088483272056869198,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9508 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\nixware.rar"

C:\Users\Admin\AppData\Local\Temp\7zO496D9675\ExLoader_Installer.exe

"C:\Users\Admin\AppData\Local\Temp\7zO496D9675\ExLoader_Installer.exe"

C:\Users\Admin\AppData\Local\Temp\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\svchost.exe"

C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe

"C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe"

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe" org.develnext.jphp.ext.javafx.FXLauncher

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 6048 -s 352

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\nixpaste.dll"

C:\Users\Admin\Desktop\ExLoader_Installer.exe

"C:\Users\Admin\Desktop\ExLoader_Installer.exe"

C:\Users\Admin\AppData\Local\Temp\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\svchost.exe"

C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe

"C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe"

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe" org.develnext.jphp.ext.javafx.FXLauncher

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3872 -s 356

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\ExLoader_Installer.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" h -scrcSHA256 -i#7zMap8036:94:7zEvent2378

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\ExLoader_Installer.exe"

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 clients2.google.com udp
N/A 8.8.8.8:53 accounts.google.com udp
N/A 8.8.8.8:53 disk.yandex.ru udp
N/A 142.251.36.46:443 clients2.google.com tcp
N/A 142.250.179.141:443 accounts.google.com tcp
N/A 87.250.250.50:443 disk.yandex.ru tcp
N/A 8.8.8.8:53 pki.goog udp
N/A 8.8.8.8:53 repository.certum.pl udp
N/A 216.239.32.29:80 pki.goog tcp
N/A 216.239.32.29:80 pki.goog tcp
N/A 104.110.191.15:80 repository.certum.pl tcp
N/A 8.8.8.8:53 clients2.googleusercontent.com udp
N/A 142.250.179.193:443 clients2.googleusercontent.com tcp
N/A 142.250.179.193:443 clients2.googleusercontent.com udp
N/A 8.8.8.8:53 edgedl.me.gvt1.com udp
N/A 34.104.35.123:80 edgedl.me.gvt1.com tcp
N/A 8.8.8.8:53 yastatic.net udp
N/A 178.154.131.215:443 yastatic.net tcp
N/A 178.154.131.215:443 yastatic.net tcp
N/A 178.154.131.215:443 yastatic.net tcp
N/A 178.154.131.215:443 yastatic.net tcp
N/A 8.8.8.8:53 mc.yandex.ru udp
N/A 93.158.134.119:443 mc.yandex.ru tcp
N/A 8.8.8.8:53 translate.googleapis.com udp
N/A 172.217.168.202:443 translate.googleapis.com tcp
N/A 8.8.8.8:53 yandex.ru udp
N/A 5.255.255.88:443 yandex.ru tcp
N/A 8.8.8.8:53 an.yandex.ru udp
N/A 213.180.193.90:443 an.yandex.ru tcp
N/A 5.255.255.88:443 yandex.ru tcp
N/A 8.8.8.8:53 avatars.mds.yandex.net udp
N/A 87.250.247.182:443 avatars.mds.yandex.net tcp
N/A 213.180.193.90:443 an.yandex.ru tcp
N/A 8.8.8.8:53 ads.adfox.ru udp
N/A 77.88.21.179:443 ads.adfox.ru tcp
N/A 8.8.8.8:53 dns.google udp
N/A 8.8.8.8:443 dns.google tcp
N/A 8.8.8.8:443 dns.google tcp
N/A 8.8.8.8:443 dns.google tcp
N/A 224.0.0.251:5353 udp
N/A 8.8.8.8:443 dns.google udp
N/A 95.216.101.186:443 tcp
N/A 212.11.152.206:443 tcp
N/A 80.64.106.147:443 tcp
N/A 35.190.16.14:443 tcp
N/A 87.250.250.114:443 tcp
N/A 80.64.106.148:443 tcp
N/A 148.251.41.185:443 tcp
N/A 185.15.175.132:443 tcp
N/A 81.222.128.216:443 tcp
N/A 89.108.119.28:443 tcp
N/A 216.58.208.98:443 tcp
N/A 52.208.28.104:443 tcp
N/A 77.88.21.127:443 tcp
N/A 91.192.148.30:443 tcp
N/A 37.18.16.21:443 tcp
N/A 148.251.41.185:443 tcp
N/A 194.226.130.229:443 tcp
N/A 216.58.208.98:443 udp
N/A 148.251.236.115:443 tcp
N/A 77.88.33.247:443 tcp
N/A 142.250.179.162:443 tcp
N/A 142.250.179.162:443 tcp
N/A 142.250.179.162:443 udp
N/A 148.251.236.118:443 tcp
N/A 142.250.179.195:443 tcp
N/A 142.250.179.195:443 udp
N/A 172.217.19.196:443 udp
N/A 172.217.19.195:443 tcp
N/A 8.8.8.8:443 dns.google tcp
N/A 8.8.8.8:443 dns.google udp
N/A 142.250.179.174:443 tcp
N/A 142.251.36.46:443 clients2.google.com udp
N/A 172.217.19.202:443 udp
N/A 8.8.8.8:443 dns.google tcp
N/A 8.8.8.8:53 dns.google udp
N/A 8.8.8.8:53 dns.google udp
N/A 50.19.119.155:443 api.ipify.org tcp
N/A 8.8.8.8:53 dns.google udp
N/A 8.8.8.8:53 dns.google udp
N/A 208.95.112.1:80 ip-api.com tcp
N/A 8.8.8.8:53 dns.google udp
N/A 141.8.193.236:80 f0568803.xsph.ru tcp
N/A 8.8.8.8:53 dns.google udp
N/A 8.8.8.8:53 dns.google udp
N/A 54.235.188.103:443 api.ipify.org tcp
N/A 208.95.112.1:80 ip-api.com tcp
N/A 141.8.193.236:80 f0568803.xsph.ru tcp
N/A 8.8.8.8:53 dns.google udp
N/A 8.8.8.8:53 dns.google udp
N/A 8.8.8.8:53 dns.google udp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 8cbc6d1b481bcfdf928b1e330cea2a0f
SHA1 504fc13c17e5be4cc38b908d3f8a9bb66499adeb
SHA256 003546e1b3b5c86763426eda2f9997f7ea8430bcca9a217f294ba8cde273250a
SHA512 c2775b7989df17cd196accce289551d33889b8b6c56a18c46a20377e33643534453e5a894cf306278fac688ba011e9344c32b347e978e9d9b5275163193d13f7

memory/524-116-0x0000000000000000-mapping.dmp

memory/2788-122-0x0000000000000000-mapping.dmp

memory/2684-121-0x0000000000000000-mapping.dmp

memory/3392-126-0x0000000000000000-mapping.dmp

memory/2684-123-0x00007FF84ED70000-0x00007FF84ED71000-memory.dmp

\??\pipe\crashpad_3156_VWWWCVPPGKYCPDAJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2252-136-0x0000000000000000-mapping.dmp

memory/1616-140-0x0000000000000000-mapping.dmp

memory/3272-147-0x0000000000000000-mapping.dmp

memory/2156-149-0x0000000000000000-mapping.dmp

memory/3980-154-0x0000000000000000-mapping.dmp

memory/2588-157-0x0000000000000000-mapping.dmp

memory/4252-172-0x0000000000000000-mapping.dmp

memory/4468-179-0x0000000000000000-mapping.dmp

memory/4572-186-0x0000000000000000-mapping.dmp

memory/4600-191-0x0000000000000000-mapping.dmp

memory/4676-196-0x0000000000000000-mapping.dmp

memory/4704-201-0x0000000000000000-mapping.dmp

memory/4780-206-0x0000000000000000-mapping.dmp

memory/4808-211-0x0000000000000000-mapping.dmp

memory/4860-216-0x0000000000000000-mapping.dmp

memory/4936-221-0x0000000000000000-mapping.dmp

memory/4960-225-0x0000000000000000-mapping.dmp

memory/5016-228-0x0000000000000000-mapping.dmp

memory/5072-232-0x0000000000000000-mapping.dmp

\??\pipe\crashpad_4960_GVUQGJFGLVOGNEOA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/512-237-0x0000000000000000-mapping.dmp

memory/1216-240-0x0000000000000000-mapping.dmp

memory/4256-246-0x0000000000000000-mapping.dmp

memory/4416-251-0x0000000000000000-mapping.dmp

memory/4608-255-0x0000000000000000-mapping.dmp

memory/4736-259-0x0000000000000000-mapping.dmp

memory/4804-264-0x0000000000000000-mapping.dmp

memory/4784-267-0x0000000000000000-mapping.dmp

memory/4840-272-0x0000000000000000-mapping.dmp

memory/4944-278-0x0000000000000000-mapping.dmp

memory/4928-282-0x0000000000000000-mapping.dmp

memory/4860-287-0x0000000000000000-mapping.dmp

memory/5064-292-0x0000000000000000-mapping.dmp

memory/5104-297-0x0000000000000000-mapping.dmp

memory/4316-302-0x0000000000000000-mapping.dmp

memory/4184-309-0x0000000000000000-mapping.dmp

memory/4924-314-0x0000000000000000-mapping.dmp

memory/4956-318-0x0000000000000000-mapping.dmp

memory/5108-324-0x0000000000000000-mapping.dmp

memory/4640-327-0x0000000000000000-mapping.dmp

memory/4792-332-0x0000000000000000-mapping.dmp

memory/4828-336-0x0000000000000000-mapping.dmp

memory/4852-342-0x0000000000000000-mapping.dmp

memory/4188-347-0x0000000000000000-mapping.dmp

memory/4952-351-0x0000000000000000-mapping.dmp

memory/4388-359-0x0000000000000000-mapping.dmp

memory/4920-364-0x0000000000000000-mapping.dmp

memory/4976-367-0x0000000000000000-mapping.dmp

memory/5156-374-0x0000000000000000-mapping.dmp

memory/5212-379-0x0000000000000000-mapping.dmp

memory/5268-383-0x0000000000000000-mapping.dmp

memory/5324-387-0x0000000000000000-mapping.dmp

memory/5340-390-0x0000000000000000-mapping.dmp

memory/5512-401-0x0000000000000000-mapping.dmp

C:\Users\Admin\Downloads\nixware.rar

MD5 2fc9db6c5a5b81e94db1fc78a2bcf5fb
SHA1 5ce83c2b3a303419b2dc3282e53d13ddfe62d236
SHA256 8a643c1ef44063ede9245eb0381887a81f4903f08e46a20d32bf2b4025c8a226
SHA512 f515887cbe18a3803a2a59baf068fb4d43d0def654bbd393f517ceffdc4bd3d21b19bc725503dc93b6a908783da8f579e253eedd27895f4fc702df115957841a

memory/5864-408-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zO496D9675\ExLoader_Installer.exe

MD5 e379e32a7ebab69886a166b052085e48
SHA1 2c91af7b4fe73dc260ac82d2b698a024ee1cd967
SHA256 1d936ea9fb383d4cc2138f2e6a1469321ad308b0b9a4e4ab062bd6d19da041bb
SHA512 afc68ee0f66389f0978f707c2f8ccc469fd9df0e82c7f317984cab5f4783ffc9f673a37edae2180e327dd23d8096d5d294769d13f8ac2baa3d28a38ee9b3ba6b

C:\Users\Admin\AppData\Local\Temp\7zO496D9675\ExLoader_Installer.exe

MD5 e379e32a7ebab69886a166b052085e48
SHA1 2c91af7b4fe73dc260ac82d2b698a024ee1cd967
SHA256 1d936ea9fb383d4cc2138f2e6a1469321ad308b0b9a4e4ab062bd6d19da041bb
SHA512 afc68ee0f66389f0978f707c2f8ccc469fd9df0e82c7f317984cab5f4783ffc9f673a37edae2180e327dd23d8096d5d294769d13f8ac2baa3d28a38ee9b3ba6b

memory/5972-411-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\svchost.exe

MD5 aed36b8bf86392fe50542b04e2ca65db
SHA1 0784304913211b659a63e44ce8793652ca29942e
SHA256 d7e98e9e242b7c4d17723f42e5cffc54cc58141a2f0f4ee547a0f611410a59f7
SHA512 11822394c2c72fc7865759805d971f361edb13ff2ac8bdcf5e10821cd6ee2e8e41d00f32dda5c2de7f138330155b9bfa9a6ab2cae0b33de1477ed6176502e1db

C:\Users\Admin\AppData\Local\Temp\svchost.exe

MD5 aed36b8bf86392fe50542b04e2ca65db
SHA1 0784304913211b659a63e44ce8793652ca29942e
SHA256 d7e98e9e242b7c4d17723f42e5cffc54cc58141a2f0f4ee547a0f611410a59f7
SHA512 11822394c2c72fc7865759805d971f361edb13ff2ac8bdcf5e10821cd6ee2e8e41d00f32dda5c2de7f138330155b9bfa9a6ab2cae0b33de1477ed6176502e1db

memory/5972-414-0x0000026E188C0000-0x0000026E188C1000-memory.dmp

memory/6016-416-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe

MD5 c6e79e50fb866565b6b9e8ef3c2aa2ff
SHA1 5783a03b54beea6051f0306e317f62ba5c8cda5d
SHA256 d58dfcb2e4062e1bba45592c2a8fc6badea96a3287d5e7210e1ab408b2146f3a
SHA512 0288817ba77feb24174acd0b2b6b8cfc58f74150274a33addac0549e2a6bf68b586e6891322b377bdaf68a173f2419bc2c90dce91b84e674f91a931fad14e10d

C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe

MD5 c6e79e50fb866565b6b9e8ef3c2aa2ff
SHA1 5783a03b54beea6051f0306e317f62ba5c8cda5d
SHA256 d58dfcb2e4062e1bba45592c2a8fc6badea96a3287d5e7210e1ab408b2146f3a
SHA512 0288817ba77feb24174acd0b2b6b8cfc58f74150274a33addac0549e2a6bf68b586e6891322b377bdaf68a173f2419bc2c90dce91b84e674f91a931fad14e10d

memory/6048-419-0x0000000000000000-mapping.dmp

memory/5972-420-0x0000026E333F0000-0x0000026E33461000-memory.dmp

memory/5972-421-0x0000026E33602000-0x0000026E33603000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

MD5 8ee018331e95a610680a789192a9d362
SHA1 e1fba0ac3f3d8689acf6c2ee26afdfd0c8e02df9
SHA256 94354ea6703c5ef5fa052aeb1d29715587d80300858ebc063a61c02b7e6e9575
SHA512 4b89b5adc77641e497eda7db62a48fee7b4b8dda83bff637cac850645d31deb93aafee5afeb41390e07fd16505a63f418b6cb153a1d35777c483e2d6d3f783b4

memory/4152-423-0x0000000000000000-mapping.dmp

memory/4176-424-0x0000000000000000-mapping.dmp

memory/3872-427-0x0000000000000000-mapping.dmp

memory/4152-429-0x0000029D9EB02000-0x0000029D9EB03000-memory.dmp