Malware Analysis Report

2024-11-13 14:05

Sample ID 240225-pgyzjsca9y
Target https://www.thegamesdownload.biz/pc/rise-of-the-tomb-raider-game-d/
Tags
lumma stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.thegamesdownload.biz/pc/rise-of-the-tomb-raider-game-d/ was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-25 12:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-25 12:18

Reported

2024-02-25 12:23

Platform

win10v2004-20240221-en

Max time kernel

258s

Max time network

247s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.thegamesdownload.biz/pc/rise-of-the-tomb-raider-game-d/

Signatures

Lumma Stealer

stealer lumma

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\New folder\Setup-File.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\Setup-File.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1976 set thread context of 4460 N/A C:\Users\Admin\Desktop\New folder\Setup-File.exe C:\Windows\SysWOW64\cmd.exe
PID 912 set thread context of 4696 N/A C:\Users\Admin\Desktop\New folder\Setup-File.exe C:\Windows\SysWOW64\cmd.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133533371430794416" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\Setup-File.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\Setup-File.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\Setup-File.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\New folder\Setup-File.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\Setup-File.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2104 wrote to memory of 3964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 3964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 1876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 1876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.thegamesdownload.biz/pc/rise-of-the-tomb-raider-game-d/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf3849758,0x7ffcf3849768,0x7ffcf3849778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5148 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5492 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5604 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3164 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5292 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5576 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5592 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x514 0x4ec

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1768 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_@File_2255_P@ssWord#.zip\Full_Set_Up_File\@File_2255_P@ssWord#.rar"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6424 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_@File_2255_P@ssWord# (1).zip\Full_Set_Up_File\@File_2255_P@ssWord#.rar"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5272 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:2

C:\Users\Admin\Desktop\New folder\Setup-File.exe

"C:\Users\Admin\Desktop\New folder\Setup-File.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe

C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe

C:\Users\Admin\Desktop\New folder\Setup-File.exe

"C:\Users\Admin\Desktop\New folder\Setup-File.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe

C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 www.thegamesdownload.biz udp
US 104.21.55.170:443 www.thegamesdownload.biz tcp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 170.55.21.104.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 104.21.55.170:443 www.thegamesdownload.biz udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 bit.ly udp
US 8.8.8.8:53 www.thegamesdownload.net udp
US 8.8.8.8:53 canastagruff.com udp
US 67.199.248.11:443 bit.ly tcp
GB 142.250.187.234:443 ajax.googleapis.com tcp
NL 172.255.103.118:443 canastagruff.com tcp
US 188.114.96.2:443 www.thegamesdownload.net tcp
US 8.8.8.8:53 happynewyear2023.online udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 11.248.199.67.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 apps.identrust.com udp
US 172.67.131.141:443 happynewyear2023.online tcp
US 8.8.8.8:53 thegamesdownload.biz udp
GB 96.17.179.205:80 apps.identrust.com tcp
US 172.67.131.141:443 happynewyear2023.online udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 172.67.131.141:443 happynewyear2023.online udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 118.103.255.172.in-addr.arpa udp
US 8.8.8.8:53 141.131.67.172.in-addr.arpa udp
US 8.8.8.8:53 205.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 nobitgras.click udp
US 172.67.151.176:443 nobitgras.click tcp
US 172.67.151.176:443 nobitgras.click tcp
US 8.8.8.8:53 href.li udp
US 192.0.78.27:443 href.li tcp
US 192.0.78.27:443 href.li tcp
US 8.8.8.8:53 quoifck.click udp
US 172.67.180.36:80 quoifck.click tcp
US 172.67.180.36:80 quoifck.click tcp
US 8.8.8.8:53 176.151.67.172.in-addr.arpa udp
US 8.8.8.8:53 27.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 dpaste.org udp
US 104.21.45.68:443 dpaste.org tcp
US 104.21.45.68:443 dpaste.org tcp
US 8.8.8.8:53 68.45.21.104.in-addr.arpa udp
US 8.8.8.8:53 36.180.67.172.in-addr.arpa udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 eu.static.mega.co.nz udp
LU 31.216.144.5:443 mega.nz tcp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 g.api.mega.co.nz udp
US 8.8.8.8:53 5.144.216.31.in-addr.arpa udp
US 8.8.8.8:53 11.127.203.66.in-addr.arpa udp
LU 66.203.125.15:443 g.api.mega.co.nz tcp
LU 66.203.125.15:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 15.125.203.66.in-addr.arpa udp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 gfs270n361.userstorage.mega.co.nz udp
LU 89.44.168.71:443 gfs270n361.userstorage.mega.co.nz tcp
LU 89.44.168.71:443 gfs270n361.userstorage.mega.co.nz tcp
LU 89.44.168.71:443 gfs270n361.userstorage.mega.co.nz tcp
LU 89.44.168.71:443 gfs270n361.userstorage.mega.co.nz tcp
US 8.8.8.8:53 71.168.44.89.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
LU 89.44.168.71:443 gfs270n361.userstorage.mega.co.nz tcp
LU 89.44.168.71:443 gfs270n361.userstorage.mega.co.nz tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.144.5:443 mega.nz tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 gfs270n321.userstorage.mega.co.nz udp
LU 89.44.168.31:443 gfs270n321.userstorage.mega.co.nz tcp
LU 89.44.168.31:443 gfs270n321.userstorage.mega.co.nz tcp
LU 89.44.168.31:443 gfs270n321.userstorage.mega.co.nz tcp
LU 89.44.168.31:443 gfs270n321.userstorage.mega.co.nz tcp
LU 89.44.168.31:443 gfs270n321.userstorage.mega.co.nz tcp
LU 89.44.168.31:443 gfs270n321.userstorage.mega.co.nz tcp
US 8.8.8.8:53 31.168.44.89.in-addr.arpa udp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 technologyenterdo.shop udp
US 104.21.80.118:443 technologyenterdo.shop tcp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 8.8.8.8:53 detectordiscusser.shop udp
US 104.21.60.92:443 detectordiscusser.shop tcp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 8.8.8.8:53 turkeyunlikelyofw.shop udp
US 104.21.76.253:443 turkeyunlikelyofw.shop tcp
US 8.8.8.8:53 118.80.21.104.in-addr.arpa udp
US 8.8.8.8:53 92.60.21.104.in-addr.arpa udp
US 8.8.8.8:53 associationokeo.shop udp
US 104.21.10.242:443 associationokeo.shop tcp
US 8.8.8.8:53 253.76.21.104.in-addr.arpa udp
US 8.8.8.8:53 242.10.21.104.in-addr.arpa udp

Files

\??\pipe\crashpad_2104_KNLIFBJTFBFDYFVD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a1d2a05294b517ad2d50851c5cd1efb9
SHA1 da5558b0e6991eef9551997ba0d7a3ef80805e63
SHA256 faa1ccb4f300b18c2015b1c67941e2076b5170e17b52ea9de48b97a810a710e6
SHA512 01727caeea0e1a5953cfc5aac2da007e534b14aba56f876ff6498a1dcbd2aa363d338314178a62a34580f60827bcecc29d5e670c341fc9a14ff93868e1cfe7e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a5dd84ba7b48683ae686439a18197749
SHA1 ffb1a71c6b1febe1f458b15bdd445dbe72b09a45
SHA256 869d46b1a3ec30d59e635d8ba2c43310da9313569f0c435736b29bd1785ad80c
SHA512 2edc9b8ecdc86d91568e85f9d970077bcc61bcaa3140681c36f5249ae3a3a5b3b20d361e53b91f2ca0745326294c5054b2d43591144630d28efdf15c6dcbfd9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dea595e7fd6c95bb23e54db918cddf67
SHA1 ca89b1812cac35d2035b2de5a246c3a52464b6fc
SHA256 91c025de685becb4e522616a049958e7e55d4d1d10b5e101e0a03d26773759df
SHA512 e02d9eb3141f81b4bc181fd3a0d9894f11307719cf8e3a691f8d218441f1d227466d196909c49f34fc5534f4f9e7cb5cb70313c6525d5ad1e4b2bce8ced9e30e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 49e22ee6dc7631ba61631195ea70fa35
SHA1 b077da696629088a586779ed65bdd67319bea7d9
SHA256 d22340c7e6438862e1f74da24ab29c786c2db7cf346ff02717836c1343ccdd45
SHA512 7fee6b4a919252f0507791261416a07c3da069b4cf96ee65c4e13d8e5c0726572f194daa772d1a9f36221caada62eed6f51667f97a0256d37ce5380cea9c245b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c7f45ea3cff98adfd4e4b6a69f5897ee
SHA1 500444382e0e80b45322dcf28863864201fc53da
SHA256 0f685f77cf3c3ad8c45755fb4759523ae7eb9a17db3682d4b1e7687fcef4b8a7
SHA512 ce7b68d81c6adef879d8e3170937759c10d6766207be732a03cdda1b56ff50225c0cd36223792ef414f9f7a770d5236f8e2c3137b51cd0301654ce472b6146ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 55fc76588e5cfe4a11855a6265ee94d7
SHA1 a85e71ed9f15bcd8c4aa3050312569559b856268
SHA256 d1be349d20f6ce7f68507c19a0186102f050ba13e4888c8ceb8eb5e4d63dc688
SHA512 289e8cadecfd71d37be72cf9f3a45f22ee6dd8cdf8e7f136b5c11c5422d4f628e1adedde5f028c7bd8e8eba4aa22bbca5259e6c6763a5b932c35479217a2e633

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

MD5 950eca48e414acbe2c3b5d046dcb8521
SHA1 1731f264e979f18cdf08c405c7b7d32789a6fb59
SHA256 c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2
SHA512 27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

C:\Users\Admin\Downloads\@File_2255_P@ssWord#.zip

MD5 dcdc3dd6fb6b3dfab420c3fdf1e9c76d
SHA1 1a9b10dbe5c5719fe2c4271d13b8fc783658f24f
SHA256 3ad453f7fd898c540b6a83fe2209509ee4dcf96585381c68d41f619cf93bed00
SHA512 5966eb937475d86340a27d2e7afd08d87ea9a86b53de227513228501fac4c6171a343c00e41bef6fa267d0af0cea4e70f60c42f491e413e8b0017f1c6bf464b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dd66fa83cff5eb31ee678f0b8a9da555
SHA1 f675f7eec7275985d306db72f2dd4fe9ef0ebb8f
SHA256 daf8d174e9291dc615a49f5d8bb8a2380e662811337bed6c7ab57e2472d747ba
SHA512 df3434f7481d03124b3bce11f492475c733e03e4712a186fe281bb753acd0b97f4346a63d978f328f004497aff5ed9aa70f230a6d08f4170bf3d85e3e06305fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 11ad5f4827923bf2771479d06822243c
SHA1 58aa6f5c4b529f7f965f7c9944a23cb051e874b0
SHA256 b39b2789050960be0fbb98eb30d827b6dbc9a5792404047e34d8d5f11d7183c4
SHA512 69ba5bafe7e355ffb56d0cfd7690d7f03a1abd44e98b0ecd471703c28a9ad23c7f9e123d5bd9a57b99f4050e35e34346263342d3f63821db62522e9387fff48c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b4f1f96c8c7ce409caaf94b7f085fe32
SHA1 7a709d1d26235025bbde943b2c2c583d22e69a86
SHA256 0df729be37491a9374e1d7a19ecf8aafd33485e28e7770319848e82cee98c2fa
SHA512 49f9c04a67a1b2c1274d4130ee54fdc7f4a1f14ac4e955f645836d4bf9b897ec1a1ec9e882411fa19879a32f8bbb8bd2a113ef8cc2a876c3512a0171e95c4b48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5815f4.TMP

MD5 4b994e4080dbf2b31f24de2f3ccacfc4
SHA1 243a32426713ba00d6c72d358034fc13f578c7e0
SHA256 2c9e1ef1b2ef43134c70e8bbe2f94cbe5892b5b3cfa8c3753ae3ffdd4aba6059
SHA512 5d2350e4d0e81bae0e936f57e923170c81a0fd773d9baea0275af47f0539e2733d78a28342fb6ab87f1863067d3893979b757da8185e7d9d5887598c8f96b99b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 7a41f9bd1c0e3764bae68196fdd83907
SHA1 83a8611809d0fb321a1d72f58a492d443a046d7f
SHA256 61a03abf45e34fbbbe7939875769328dae10dc2db7a330fea602982adc2d4af4
SHA512 7d8e6194f8b33077aef2c428c13c183d66adfa98370d1242edded82d8705ebbe0b3a3426e24d31e38dc576858400d64075f479de40185fe81aea751e31d9dfca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582575.TMP

MD5 06f279a60cd025bfd533cc2e42c4241c
SHA1 cfe6e7af9deb19a74fe8d924f7daf56a59176d0a
SHA256 18b31a18a97457bd06d96598aea0b5d5122a21fbcad4c32be1023e61ef732032
SHA512 4b20868b9ce29e81ac724982ac8357949b685f8884ab340c8d47a4107b71458124ba9ea40589e6ed977377a3a943005a270178f90801840a65fff4b7b7e359aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 af489e0c261437aec5707be4130d3ae8
SHA1 d0dad5de4a26e92f714ddc8b8716ce78245bfe70
SHA256 9400266dfae9735d45a4fa2870583fc31577ec22e9ae3ef1089092e65c95ab57
SHA512 63e6babe06cf1fa3ea76b9153b36acfb8a0accefb342ed0413ca4dccc6a3128e8a2e38448cd262197c7a247dbd2e35ddc2e19e9357c0421c879cab4e4499cef9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4460ee387f390ef8f685b7f077c24c4e
SHA1 56779d781d1ed1bb24888eb46d7b30dafa81cca3
SHA256 58aadcc3ced098a28f629f5eb4b59673d228db27539fef42d6287ea68b92a42a
SHA512 5a6a43684a0035a73ef77b50e329f56b9156c0b328c3d87ef7369ad5de95d9bae0cd1da1c295641abf10366df8cb6fa40d8daffc9a3131d48a819c9b36fe09ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d68225333a40e1421daa9d6a54fa2897
SHA1 eec550f00e8bb0da69346cb831e204a331652095
SHA256 ecc652d87e22f6b68a67047c1811d6a73520c6e5ef1871ae299008325caffdcd
SHA512 2fe8f44cea5a0b96cc02dc66618d8cba4add14cd0848a560a104a7620f3cda42afccaffea041419c97d241dee92714a560fbfb62cd9b428eac6d9ccb09e4ad81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ee6e421e60cea230e2270bd8d1a36207
SHA1 b7a145b78a4e67796f9c7b07e912fca5c5cb5443
SHA256 8b723d4ea4f861aa24bf76ab6133062b8d01f7d70027d14586c8e873534dbe1e
SHA512 b4c3853864b700992b4fa2f825c410ecb2b750a71c02ead530b5ae8ae5dc6590aa828b6d0e51b09e08e775c9dc297d122993b3bcc2fd19ef4e30eeba948595bf

C:\Users\Admin\Desktop\New folder\Setup-File.exe

MD5 ae224c5e196ff381836c9e95deebb7d5
SHA1 910446a2a0f4e53307b6fdeb1a3e236c929e2ef4
SHA256 bf933ccf86c55fc328e343b55dbf2e8ebd528e8a0a54f8f659cd0d4b4f261f26
SHA512 f845dbb13b04f76b6823bec48e1c47f96bcbd6d02a834c8b128ac750fe338b53f775ee2a8784e8c443d49dfcb918c5b9d59b5492a1fe18743b8ba65b7d12514c

C:\Users\Admin\Desktop\New folder\glib-2.0.dll

MD5 2c86ec2ba23eb138528d70eef98e9aaf
SHA1 246846a3fe46df492f0887a31f7d52aae4faa71a
SHA256 030983470da06708cc55fd6aca92df199a051922b580db5db55c8cb6b203b51b
SHA512 396a3883fa65d7c3a0af7d607001a6099316a85563147cb34fa9806c9a4b39cfa90c7fa9eb4456399977eb47438d10896d25ed5327ae7aa3e3ae28cd1d13701c

C:\Users\Admin\Desktop\New folder\gobject-2.0.dll

MD5 24a7a712160abc3f23f7410b18de85b8
SHA1 a01c3e116b6496c9feaa2951f6f6633bb403c3a1
SHA256 78dd76027e10c17824978db821777fcaa58d7cd5d5eb9d80d6ee817e26b18ab8
SHA512 d1f14a7bd44e1fc9bfc61f0b751ee6e0677322807ce5621206eeef898bab6c71ef1464962b20dc50f706084e53281a0d4b6d9142c6c1170a1e0a5fe4b12171df

C:\Users\Admin\Desktop\New folder\vmtools.dll

MD5 a1c7b8b893a0e413f87d7304409fdb6c
SHA1 54afef7867790fbdca361bd36150bfcb0314171e
SHA256 3de9e8dc56516b31122f36600af63bed34eaa7f330a992f44a0903c588f803c6
SHA512 5bb97dc8a4f22113329e11112114bc06f774bb91b8a16d54d8c505deacb992222aeb763c0677b4c6781bd161b94c3ab92ec99aaea78a9f0fa83e250ce24e59bc

C:\Users\Admin\Desktop\New folder\iconv.dll

MD5 862dfc9bf209a46d6f4874614a6631cc
SHA1 43216aae64df217cba009145b6f9ad5b97fe927a
SHA256 84538f1aacebf9daad9fdb856611ab3d98a6d71c9ec79a8250eee694d2652a8b
SHA512 b0611cd9ad441871cca62291913197257660390fa4ea8a26cb41dc343a8a27ae111762de40c6f50cae3e365d8891500fc6ad0571aa3cd3a77eb83d9d488d19a8

C:\Users\Admin\Desktop\New folder\monogyny.ppt

MD5 4a516d58ebbb9d2307640bbaaae5ebcb
SHA1 fad445cf0560b0568284cc8dcd66a9610c5ffa75
SHA256 9f2ffcb4d46535acb5a64e64ebf850fa1e8c66774450a660b1e770124823e1c2
SHA512 4bb6ec86149798e58f007bc02fd86c28060d549893d9da42bfefb7db8087ae25bdcba741f6147281146752024dd6850c412c3fbbce951e7c4a1f411eda7230fa

memory/1976-1444-0x00000000755A0000-0x000000007571B000-memory.dmp

C:\Users\Admin\Desktop\New folder\gthread-2.0.dll

MD5 78cf6611f6928a64b03a57fe218c3cd4
SHA1 c3f167e719aa944af2e80941ac629d39cec22308
SHA256 dbaad965702b89c371462e735dd925c694eda8d8557b280f7264bba992c0e698
SHA512 5caf019a6b75ba0330b8d0b60d362201d4863c0f3d70d2a9c84b6dbea2027d09bc8a6433820f28a41d126c7aaa13dbe126b38dc5c6d14a67ddef402fed9d9b7c

memory/1976-1445-0x0000000000A90000-0x0000000000AA1000-memory.dmp

C:\Users\Admin\Desktop\New folder\intl.dll

MD5 d1a21e38593fddba8e51ed6bf7acf404
SHA1 759f16325f0920933ac977909b7fe261e0e129e6
SHA256 6a64c9cb0904ed48ce0d5cda137fcfd6dd463d84681436ca647b195aa2038a7e
SHA512 3f4390603cd68d949eb938c1599503fb1cbb1b8250638e0985fad2f40f08d5e45ea4a8c149e44a50c6aa9077054387c48f71b53bf06b713ca1e73a3d5a6a6c2e

C:\Users\Admin\Desktop\New folder\gmodule-2.0.dll

MD5 b0a421b1534f3194132ec091780472d8
SHA1 699b1edc2cb19a48999a52a62a57ffc0f48f1a78
SHA256 2d6bc34b38bc0abf0c5e2f40e2513b4df47af57848534e011a76d4e974ad958b
SHA512 ba74654843c5b0f94dfefbed81cbee4c5f360193ef8ea92836c712fbeada39fa8179a51f0849f6c4be23add1ced08f5e25f873c4b0e7533ae647fa2b19b83f98

memory/1976-1446-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp

memory/1976-1455-0x00000000755A0000-0x000000007571B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cb7c8573594b8eee127e9e069ef94d54
SHA1 86ec77b96578e18074c0bf75f53ebb28c2724d63
SHA256 5c3290e1bcd43b23e950484698008b757f6f022343902af4ffdb70908336287d
SHA512 de65fc1800523b37e410686f0e5988907a1c267f4237096a6424b59e102ebdd8b55e5ec97017f8e316958ee66f1fcf0ec5ef21d808ff0ec4d893970e4d76db9d

memory/1976-1465-0x00000000755A0000-0x000000007571B000-memory.dmp

memory/4460-1467-0x00000000755A0000-0x000000007571B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\c0458554

MD5 1360863ad01ca3090201a73204618808
SHA1 8a8d20ef56655ea807ae40ebc39b4c06c0a42811
SHA256 d5b0c17e3a4fcfe26ab2be458ebd75bb05f7e5c40d6c8f3bf02168b6ca8280eb
SHA512 63fe9191347e135ffe27ba7c79716d1046403cd997ffd1a2299eb6b853537b6bff5604ba2f1c45cfeb48854719054cf0040514766fa404fba5eadc464be99631

memory/4460-1469-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp

memory/4872-1470-0x00000239521B0000-0x00000239521B1000-memory.dmp

memory/4872-1471-0x00000239521B0000-0x00000239521B1000-memory.dmp

memory/4872-1472-0x00000239521B0000-0x00000239521B1000-memory.dmp

memory/4872-1476-0x00000239521B0000-0x00000239521B1000-memory.dmp

memory/4872-1477-0x00000239521B0000-0x00000239521B1000-memory.dmp

memory/4872-1478-0x00000239521B0000-0x00000239521B1000-memory.dmp

memory/4872-1479-0x00000239521B0000-0x00000239521B1000-memory.dmp

memory/4872-1480-0x00000239521B0000-0x00000239521B1000-memory.dmp

memory/4872-1481-0x00000239521B0000-0x00000239521B1000-memory.dmp

memory/4872-1482-0x00000239521B0000-0x00000239521B1000-memory.dmp

memory/4460-1484-0x00000000755A0000-0x000000007571B000-memory.dmp

memory/4460-1486-0x00000000755A0000-0x000000007571B000-memory.dmp

memory/4460-1488-0x00000000755A0000-0x000000007571B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe

MD5 53aad2e4026c58223f4282f18954b224
SHA1 350ad08ce6d0f7d3e573b7254c18ba2dfbd4e2be
SHA256 be0f607d5dcf558b16910646b943f0e92da29fcb1590b8e5fb69d53f899b2ca5
SHA512 e9a0ba189e9862871235f3d339adb7de77c8c3a6cc574c9e3216b07ab460529befdd543f54fbacc139d071ea9549427402104b1d37cdacec6895af89590f8338

memory/2688-1491-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp

memory/2688-1492-0x00000000000E0000-0x0000000000128000-memory.dmp

memory/2688-1493-0x0000000000400000-0x000000000040A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 07c60b42a25d94a7ea6c458f0d064280
SHA1 449ab1d1ebc369b7fdaa8fd384da0e753a8ab14b
SHA256 dc104e3aaf5b5ce774e7d232d47a716964654321155eecbb835a53ee7e721d9c
SHA512 b87f1063562ff504a927fc414e4e7e7d5d4909b702d054d70906c933e2f279dc8bafcefb914fdc8808809760bca60e87ae981c70db29229d08291bdd7623f59e

memory/2688-1503-0x0000000000400000-0x000000000040A000-memory.dmp

memory/2688-1504-0x00000000006C0000-0x00000000006C1000-memory.dmp

memory/2688-1505-0x00000000006C0000-0x00000000006C1000-memory.dmp

memory/2688-1506-0x00000000006C0000-0x0000000000700000-memory.dmp

memory/2688-1507-0x00000000000E0000-0x0000000000128000-memory.dmp

memory/912-1517-0x0000000000A90000-0x0000000000AA1000-memory.dmp

memory/912-1518-0x0000000075640000-0x00000000757BB000-memory.dmp

memory/912-1519-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp

memory/912-1536-0x0000000075640000-0x00000000757BB000-memory.dmp

memory/912-1537-0x0000000075640000-0x00000000757BB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\29121630

MD5 78ab5743ae6908b507579314d9b288bd
SHA1 7b6408aad20214d133fafc61b092c8167928a148
SHA256 78844d54a0a5c04386960cd11416c20512fa7b0705c8a55a3b7a2bb697872a05
SHA512 c76805617455f2f03d740616f77f40e9c125b724e8358784f49cc69c76838e5c2f7977607c393f3b1ce342c48fe5fe37e19863e2bff626ad70aba82fe4c6da99

memory/4696-1539-0x0000000075640000-0x00000000757BB000-memory.dmp

memory/4696-1542-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp

memory/4696-1543-0x0000000075640000-0x00000000757BB000-memory.dmp

memory/4696-1544-0x0000000075640000-0x00000000757BB000-memory.dmp

memory/4696-1546-0x0000000075640000-0x00000000757BB000-memory.dmp

memory/1596-1548-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp