Malware Analysis Report

2025-06-15 19:53

Sample ID 240425-tw9rtace88
Target Setup.exe
SHA256 bce765dc1c317a4a09000a228a3ce7ba93d802fbb5c7934618f847f5c467aae0
Tags
lumma stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bce765dc1c317a4a09000a228a3ce7ba93d802fbb5c7934618f847f5c467aae0

Threat Level: Known bad

The file Setup.exe was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Executes dropped EXE

Suspicious use of SetThreadContext

Drops file in System32 directory

Program crash

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-25 16:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-25 16:25

Reported

2024-04-25 16:32

Platform

win7-20240215-en

Max time kernel

220s

Max time network

389s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2984 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Windows\SysWOW64\WerFault.exe
PID 2984 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Windows\SysWOW64\WerFault.exe
PID 2984 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Windows\SysWOW64\WerFault.exe
PID 2984 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Windows\SysWOW64\WerFault.exe
PID 2984 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Windows\SysWOW64\WerFault.exe
PID 2984 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Windows\SysWOW64\WerFault.exe
PID 2984 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Windows\SysWOW64\WerFault.exe
PID 2596 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2444 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2444 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2444 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 256

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7109758,0x7fef7109768,0x7fef7109778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1164,i,10185269879078030013,14668939391816352013,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1164,i,10185269879078030013,14668939391816352013,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1164,i,10185269879078030013,14668939391816352013,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1164,i,10185269879078030013,14668939391816352013,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1164,i,10185269879078030013,14668939391816352013,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1308 --field-trial-handle=1164,i,10185269879078030013,14668939391816352013,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3308 --field-trial-handle=1164,i,10185269879078030013,14668939391816352013,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3452 --field-trial-handle=1164,i,10185269879078030013,14668939391816352013,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 --field-trial-handle=1164,i,10185269879078030013,14668939391816352013,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 --field-trial-handle=1164,i,10185269879078030013,14668939391816352013,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.204.78:443 apis.google.com tcp
N/A 224.0.0.251:5353 udp

Files

memory/2984-0-0x0000000001390000-0x0000000001404000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 14d8c5af6c0ded1a7d6dddea00a6042a
SHA1 5af668205b8b395ee30063d3ac52aef0ab2906bf
SHA256 ca7004d89fb2adccc83820432a089a9ebc7b888136e122e31b135c3e2fefcb28
SHA512 89c00d456e9b3a9b876f6e42a472239a4c45b4e460a434973a71e392176ffaa73d358e337a8536bd6a99368981bd0f313e6b9f9e080cde96fb6e05a1f7e58364

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ad198f701ca1daf78266d0d73bbf4d3a
SHA1 42398de0b7a0d52dbc30604c63458985924d97ae
SHA256 2824c32112d4799d2946b7b17ab76e70315430d37c6fbd563b6289bdd658ff89
SHA512 01aec29422a70207a3d6931e108c7bf67e4b851ad7d5c6dd14054cfcaf619e77627058d001183456e083e2a8b2dbc93bcb9e9abf814f104ac0a795e4614ecd36

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-25 16:25

Reported

2024-04-25 16:34

Platform

win10v2004-20240412-en

Max time kernel

497s

Max time network

490s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

Signatures

Lumma Stealer

stealer lumma

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\services.msc C:\Windows\system32\mmc.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585360043917148" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 920 wrote to memory of 3412 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 920 wrote to memory of 3412 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 920 wrote to memory of 3412 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 920 wrote to memory of 3412 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 920 wrote to memory of 3412 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 920 wrote to memory of 3412 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 920 wrote to memory of 3412 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 920 wrote to memory of 3412 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 920 wrote to memory of 3412 N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 3976 wrote to memory of 4844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 4844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3976 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 920 -ip 920

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 632

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe2bc6ab58,0x7ffe2bc6ab68,0x7ffe2bc6ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4324 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6cf02ae48,0x7ff6cf02ae58,0x7ff6cf02ae68

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4868 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4556 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2580 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2332 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5104 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5280 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5308 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5520 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3124 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1956,i,10136291355230513367,8035912393708728302,131072 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\lnstaller\" -spe -an -ai#7zMap28399:76:7zEvent3630

C:\Users\Admin\Desktop\lnstaller\Setup.exe

"C:\Users\Admin\Desktop\lnstaller\Setup.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4460 -ip 4460

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 636

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\services.msc"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\5f6a2a3d7060419c87414e82f6e55603 /t 1192 /p 3968

C:\Users\Admin\Desktop\lnstaller\Setup.exe

"C:\Users\Admin\Desktop\lnstaller\Setup.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3480 -ip 3480

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 640

C:\Users\Admin\Desktop\lnstaller\Setup.exe

"C:\Users\Admin\Desktop\lnstaller\Setup.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2408 -ip 2408

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 628

C:\Users\Admin\Desktop\lnstaller\Setup.exe

"C:\Users\Admin\Desktop\lnstaller\Setup.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 1120 -ip 1120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 628

C:\Users\Admin\Desktop\lnstaller\Setup.exe

"C:\Users\Admin\Desktop\lnstaller\Setup.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3012 -ip 3012

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 640

C:\Users\Admin\Desktop\lnstaller\Setup.exe

"C:\Users\Admin\Desktop\lnstaller\Setup.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3988 -ip 3988

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 628

C:\Users\Admin\Desktop\lnstaller\Setup.exe

"C:\Users\Admin\Desktop\lnstaller\Setup.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 952 -ip 952

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 204

C:\Users\Admin\Desktop\lnstaller\Setup.exe

"C:\Users\Admin\Desktop\lnstaller\Setup.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4672 -ip 4672

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 628

Network

Country Destination Domain Proto
US 8.8.8.8:53 alcojoldwograpciw.shop udp
US 104.21.48.243:443 alcojoldwograpciw.shop tcp
US 8.8.8.8:53 productivelookewr.shop udp
US 172.67.150.207:443 productivelookewr.shop tcp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 243.48.21.104.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 207.150.67.172.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 tolerateilusidjukl.shop udp
US 172.67.147.41:443 tolerateilusidjukl.shop tcp
US 8.8.8.8:53 shatterbreathepsw.shop udp
US 104.21.95.19:443 shatterbreathepsw.shop tcp
US 8.8.8.8:53 shortsvelventysjo.shop udp
US 172.67.216.69:443 shortsvelventysjo.shop tcp
NL 23.62.61.89:443 www.bing.com tcp
NL 23.62.61.89:443 www.bing.com tcp
US 8.8.8.8:53 41.147.67.172.in-addr.arpa udp
US 8.8.8.8:53 198.32.209.4.in-addr.arpa udp
US 8.8.8.8:53 19.95.21.104.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 incredibleextedwj.shop udp
US 104.21.86.106:443 incredibleextedwj.shop tcp
US 8.8.8.8:53 liabilitynighstjsko.shop udp
US 104.21.44.3:443 liabilitynighstjsko.shop tcp
US 8.8.8.8:53 69.216.67.172.in-addr.arpa udp
US 8.8.8.8:53 89.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 106.86.21.104.in-addr.arpa udp
US 8.8.8.8:53 demonstationfukewko.shop udp
US 104.21.33.174:443 demonstationfukewko.shop tcp
US 8.8.8.8:53 3.44.21.104.in-addr.arpa udp
US 8.8.8.8:53 174.33.21.104.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.204.78:443 apis.google.com udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 134.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 211.138.73.23.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.200.14:443 consent.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 66.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 5350.xg4ken.com udp
GB 20.26.156.215:443 github.com tcp
IE 18.200.149.208:443 5350.xg4ken.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 208.149.200.18.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
GB 172.217.169.42:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
IE 18.200.149.208:443 5350.xg4ken.com tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 repository-images.githubusercontent.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 private-user-images.githubusercontent.com udp
US 8.8.8.8:53 bit.ly udp
US 67.199.248.10:443 bit.ly tcp
US 67.199.248.10:443 bit.ly tcp
NL 172.217.168.195:443 beacons.gcp.gvt2.com tcp
US 92.118.151.48:80 92.118.151.48 tcp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 172.217.16.227:443 beacons3.gvt2.com tcp
GB 172.217.16.227:443 beacons3.gvt2.com udp
US 8.8.8.8:53 10.248.199.67.in-addr.arpa udp
US 8.8.8.8:53 195.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 48.151.118.92.in-addr.arpa udp
US 8.8.8.8:53 objects.githubusercontent.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 dnsleaktest.com udp
US 23.239.16.110:443 dnsleaktest.com tcp
US 23.239.16.110:443 dnsleaktest.com tcp
US 23.239.16.110:443 dnsleaktest.com tcp
US 23.239.16.110:443 dnsleaktest.com tcp
US 8.8.8.8:53 www.dnsleaktest.com udp
US 8.8.8.8:53 110.16.239.23.in-addr.arpa udp
US 23.239.16.110:443 www.dnsleaktest.com tcp
US 23.239.16.110:443 www.dnsleaktest.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 173.194.213.94:443 beacons2.gvt2.com tcp
US 173.194.213.94:443 beacons2.gvt2.com udp
NL 172.217.168.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 94.213.194.173.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 104.21.48.243:443 alcojoldwograpciw.shop tcp
US 172.67.150.207:443 productivelookewr.shop tcp
US 172.67.147.41:443 tolerateilusidjukl.shop tcp
US 104.21.95.19:443 shatterbreathepsw.shop tcp
US 172.67.216.69:443 shortsvelventysjo.shop tcp
US 104.21.86.106:443 incredibleextedwj.shop tcp
US 104.21.44.3:443 liabilitynighstjsko.shop tcp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 172.217.16.227:443 beacons3.gvt2.com udp
US 104.21.33.174:443 demonstationfukewko.shop tcp
US 8.8.8.8:53 224.162.46.104.in-addr.arpa udp
US 8.8.8.8:53 alcojoldwograpciw.shop udp
US 104.21.48.243:443 alcojoldwograpciw.shop tcp
US 104.21.48.243:443 alcojoldwograpciw.shop tcp
US 8.8.8.8:53 productivelookewr.shop udp
US 104.21.11.250:443 productivelookewr.shop tcp
US 104.21.11.250:443 productivelookewr.shop tcp
US 8.8.8.8:53 tolerateilusidjukl.shop udp
US 8.8.8.8:53 250.11.21.104.in-addr.arpa udp
US 172.67.147.41:443 tolerateilusidjukl.shop tcp
US 172.67.147.41:443 tolerateilusidjukl.shop tcp
US 8.8.8.8:53 shatterbreathepsw.shop udp
US 104.21.95.19:443 shatterbreathepsw.shop tcp
US 104.21.95.19:443 shatterbreathepsw.shop tcp
US 8.8.8.8:53 shortsvelventysjo.shop udp
US 172.67.216.69:443 shortsvelventysjo.shop tcp
US 172.67.216.69:443 shortsvelventysjo.shop tcp
US 8.8.8.8:53 incredibleextedwj.shop udp
US 104.21.86.106:443 incredibleextedwj.shop tcp
US 104.21.86.106:443 incredibleextedwj.shop tcp
US 8.8.8.8:53 liabilitynighstjsko.shop udp
US 172.67.192.138:443 liabilitynighstjsko.shop tcp
US 172.67.192.138:443 liabilitynighstjsko.shop tcp
US 8.8.8.8:53 demonstationfukewko.shop udp
US 172.67.147.169:443 demonstationfukewko.shop tcp
US 172.67.147.169:443 demonstationfukewko.shop tcp
US 8.8.8.8:53 138.192.67.172.in-addr.arpa udp
US 8.8.8.8:53 169.147.67.172.in-addr.arpa udp
NL 172.217.168.195:443 beacons.gcp.gvt2.com udp
US 104.21.48.243:443 alcojoldwograpciw.shop tcp
US 104.21.11.250:443 productivelookewr.shop tcp
US 172.67.147.41:443 tolerateilusidjukl.shop tcp
US 104.21.95.19:443 shatterbreathepsw.shop tcp
US 172.67.216.69:443 shortsvelventysjo.shop tcp
US 104.21.86.106:443 incredibleextedwj.shop tcp
US 104.21.48.243:443 alcojoldwograpciw.shop tcp
US 172.67.192.138:443 liabilitynighstjsko.shop tcp
US 172.67.147.169:443 demonstationfukewko.shop tcp
US 104.21.48.243:443 alcojoldwograpciw.shop tcp
US 104.21.11.250:443 productivelookewr.shop tcp
US 172.67.147.41:443 tolerateilusidjukl.shop tcp
US 104.21.95.19:443 shatterbreathepsw.shop tcp
US 104.21.11.250:443 productivelookewr.shop tcp
US 172.67.216.69:443 shortsvelventysjo.shop tcp
US 172.67.147.41:443 tolerateilusidjukl.shop tcp
US 104.21.95.19:443 shatterbreathepsw.shop tcp
US 172.67.216.69:443 shortsvelventysjo.shop tcp
US 104.21.86.106:443 incredibleextedwj.shop tcp
US 104.21.48.243:443 alcojoldwograpciw.shop tcp
US 104.21.11.250:443 productivelookewr.shop tcp
US 104.21.48.243:443 alcojoldwograpciw.shop tcp
US 172.67.147.41:443 tolerateilusidjukl.shop tcp
US 104.21.95.19:443 shatterbreathepsw.shop tcp
US 104.21.11.250:443 productivelookewr.shop tcp
US 172.67.216.69:443 shortsvelventysjo.shop tcp
US 172.67.147.41:443 tolerateilusidjukl.shop tcp
US 104.21.95.19:443 shatterbreathepsw.shop tcp
US 104.21.86.106:443 incredibleextedwj.shop tcp
US 172.67.216.69:443 shortsvelventysjo.shop tcp
US 172.67.192.138:443 liabilitynighstjsko.shop tcp
US 104.21.86.106:443 incredibleextedwj.shop tcp
US 172.67.147.169:443 demonstationfukewko.shop tcp
US 172.67.192.138:443 liabilitynighstjsko.shop tcp
US 172.67.147.169:443 demonstationfukewko.shop tcp
US 172.67.192.138:443 liabilitynighstjsko.shop tcp
US 172.67.147.169:443 demonstationfukewko.shop tcp
US 104.21.86.106:443 incredibleextedwj.shop tcp
US 172.67.192.138:443 liabilitynighstjsko.shop tcp
US 172.67.147.169:443 demonstationfukewko.shop tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 collector.github.com udp
GB 20.26.156.210:443 api.github.com tcp

Files

memory/920-0-0x0000000000DE0000-0x0000000000E54000-memory.dmp

memory/3412-1-0x0000000000400000-0x000000000044E000-memory.dmp

memory/3412-3-0x0000000000400000-0x000000000044E000-memory.dmp

memory/3412-4-0x0000000000400000-0x000000000044E000-memory.dmp

memory/920-5-0x0000000000DE0000-0x0000000000E54000-memory.dmp

memory/3412-6-0x0000000000400000-0x000000000044E000-memory.dmp

\??\pipe\crashpad_3976_HYBIHRWFQIRYSNVO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bfc417f353c34822b90d2467e698f8cb
SHA1 341623b8705e7632f1ffa63f91216f1791d193ff
SHA256 279ab93de84d0927c9ea8a468284adf1c85a28fd32d285e94df22cfdd0ab3e08
SHA512 392d1917cc2a1dcd93dd181ddfd6e8825a2e30ef95e4456624dfc1d3cd972c2a2d67c45a3bdc2b7bb4bc3a86302dbcaa3f0c2c26a2144adcfbebf7e9700ba433

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 85f0fa24ff1922f8b703930a39babfe6
SHA1 b6ff14ebbcde743f0bfa8125e783cb1da1316281
SHA256 6bcf8701b25439bbd2b2db346d08cbc46dcf00d62976e8d4d8afeabd3646a952
SHA512 2c3dc30d926f56c4f6a998baff58f98f6dc904baa6eb05a1f964bb88c307798040bbce7bb3d968110fa9dd649022f60506c4b07bb1f073ffcc62e40f4206289f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c050e618ddb12a0f5d60bfa2646d077b
SHA1 17b20aaf325df846c1d09e04b52266e957b460ce
SHA256 f508f0f77da77b293b7892fe17a3528d5ca632f4e6d956948dbdaaff60f4d9a6
SHA512 1680a2ee81adf67347fc1a1d453c6be4d58eb6c9409756af24cb665d4b788c2007d2523afd9cc2cff01912d551035391173f0539f50df2e0aa0506528b1d1676

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 8c150e5a66cb63b9bd0a3f93a0e1a7ed
SHA1 329c880f69154726e7d9ed12ffd8f4719abe36bd
SHA256 fb4285120f1b20500fc1a055044ceff5b09791a1d6821e7c8b5abcf06474039b
SHA512 63055b6604449650f0d940bc1adfa7913c4ce66dd91427b459794334dba3e11a6beffa8af108140ee748db991ed32b438dacba38055561a44e463230218f923e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 77aceba3b298d18ff8ede1f93ebe2eeb
SHA1 471625937e99eebbf439c2fc370e9c85b787ec8d
SHA256 cff78630cf9e82cb7af187593f94dde93734028001094e1b6cd72741652a27f8
SHA512 c6724ecf524e5ceefa92d507ed90a5aaf377d6f3d58eea2265939da176d7367ede6d53d32c8acdb0eb0e228a7313dc6d326af02d6fbf79fde48ca6bc0ffeac32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fb86f13aa90f444b52d847ca7044df5a
SHA1 d9179829bbff179758c45ee521d89dcd434249de
SHA256 3c4466604f9633b4cf85bf61e72a3a67acc1c5323576056353fcd975dbaf7162
SHA512 2d20541e676e6fde7c1ca131d884b850ee78087da4a98b0c6704bf70364ef0977c2dbfbe5c8ccf83e6d697ae7597bf34bfc64af619b076f1e422f0ba0ba00019

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 27b9f11c9fa0eab9a8125ce17f86fc92
SHA1 36283c68652b7c264c45259cb284485cf9889d4a
SHA256 a97d65aab2add2e74481d00ea3decf99a62e4a6bd781f16b43351bc7d8d91587
SHA512 e1211144c2c5cc2725e80098bb773bcfd54c884cb054661f83249041acf59dba335eb2c555befa131fbbc7c815695693ba1fd429f082d193987e9a1f6e084620

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6aaa9a88b4bf165b9e845162171a2acf
SHA1 2c887c0e223c5f63874f96866f32ad968b433c71
SHA256 12ac444bbf80836f98349348a46af65351676d993e63d79df1631b5e10de3f7a
SHA512 3436a0c8ba65a4fd67b05ef505eff3215f99912f199c99eebc8694afca3e67f08d167f887107207d75f65b7d95b93f7cadb58dc354a0c7d1396a5f036068e941

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 e1831f8fadccd3ffa076214089522cea
SHA1 10acd26c218ff1bbbe6ac785eab5485045f61881
SHA256 9b9a4a9191b023df1aa66258eb19fc64ae5356cfc97a9dda258c6cc8ba1059ac
SHA512 372c486ac381358cc301f32cd89b7a05da7380c03fa524147c2ddf3f5e23f9b57c17485aaedc85b413461a879afc42e729547b0c96c26c49bbdb7301cd064298

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 2b312fee4bff7fb9b399aa619ae1811d
SHA1 cf5e3270ef62ea6ce023f9475dbf7ed67e10527c
SHA256 fd5fb41882dfe849ea47547bf38b9abc435683d7473703b4cb37e8c28b1de4cb
SHA512 3a42c3a12da46656d8dca9b54651027873f42d2ec2e6e706a41b4b520d387f0c3c0388e3d117bd49174d7074079f3404c00b6141c8dd22d38ef1a257f52a9791

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 0c2234caae44ab13c90c9d322d937077
SHA1 94b497520fcfb38d9fc900cad88cd636e9476f87
SHA256 d8e6f62282e12c18c930a147325de25aef1633a034eaf7a3ce8de1fb8de09912
SHA512 66709f74b19499df1e06700e1c257e14a82ca4287194e4b177b3f333748d927f413c8c459a35e7e5a2f92d28410b0129f106d94e3dd85bc0dd0b986add83b18f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 9ccb3e387ecf1d1c32d33a33b61db8f3
SHA1 9d6625afcaa4d6bfe223268ccf82ff32ea9532a3
SHA256 3d34b64d0099f608de0e555d46338252a99d36f2a25af7180702c9966621fa0b
SHA512 05c3d41fd4115bd66c1a938ad644424f8df93f96ae27004c800e43acbc4b23568456574ceba605ea696fb594585811fedd0f9ec547a697344479e4d7516f65f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 135781ba0fc100cb4d8f970adfe2dc84
SHA1 99b531f24b724b21ba0dd32481ddb6f8dcc2584e
SHA256 ba7d42f359db1cd4f987b3ad63b460eca8209f1e32f2171068ff5ff1b4490dc7
SHA512 0b07183cc05907a5ab324f4f8b49698811b5e858d857f986ea1c47d2cc6f726b32a6f56d6bfa75896ac83039aafc45ef29ea763493e51d8f6e8c6e82985514c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a61ab988f0120512766830091788a619
SHA1 8812d03ab84ae6d13ea93b035fb372afb60ebc37
SHA256 dd62e78066bd83d6fa94233b0f666887da3cdca6d55aeb9e0eb9e87ab0818b57
SHA512 2c4b21f813aac0042244fc7bbd20885ca6afa2205491f58a677e29b02f9b01d51ca48464f3e04a19477024e7ea34024fe88dbda8ea9c75e3e02ac45e732aab81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a07f02f1ca46d30c69555acaa8118521
SHA1 9ebc9652648c0607fa37e11ca375da29bbc7fcc1
SHA256 d3c8490b9c2ebea448e3f62a5625bc08e0657b2f9002b2cf9ce856d5401dba14
SHA512 970fcaa789f86aa2889455d929a058e75fad8f9244df1cc67b255dd1a6addefcc549942686594c996c0d330d2472f0aecbd60194719dbddc4f2c7c071017c0a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 140101d384a40a519844f876e5312ea6
SHA1 d09de78084cd6a9a7d475b9f7a34a68aa89d64c5
SHA256 7ce84d29a7faab96e39a5e114432e72c2a3c63f75113a94905ded6bbb91625af
SHA512 99f64300579f4a8c8b6ab5c1a464a8c8b7ef5c942659213a6699dcd8890bc00a077fa81f5f210dccf48f4a1dff0c6459bae85fcab8f3df6e8f01ad35799732a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5978b1.TMP

MD5 371b57edf8dbfe516fc4ba062fbcc3a7
SHA1 d895c88f408391f60b3566027b6079fa003222af
SHA256 2834f28530df63dcb982ffc7758f4908386d23d6cfdf2530e975f8dc724c04c5
SHA512 e2b5967c086d9a6d017a607efd6a71c35cae480896e80d5e2696e6d9c66d8ba19385a361e194b492c8d05df9c0bbfafd0ab6b55c2ed76845ae188a05ed6fdebc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 e5a6dd6a28282650df7dbabd01c05e12
SHA1 68bf943f2611f892a01c51ff8a9bfafb405ecc29
SHA256 9d61dc8a774dabe4ef63c192c4fe99a62b671806bd209ddd6c296dc59b2ac963
SHA512 5e9c7831c3b4078d8012397c57ca7944056e01ad79d229d6c5b5a20e90dffa3f2198a82e0b824311e05c337ab0a1127fad9ab3df5e780db7227d30b316b07601

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b2887dd61d0b929c4b73a94edef0d68c
SHA1 ca23eb5dfc40c36ddace339237abec5b678b5f25
SHA256 b1748c070e9af0ec7d53da25bc0f13c4f401ffc50976b743c43844b2135b3a7c
SHA512 26cdfb0ff84273e8fbf19c82f505ae0c9884ff4aa707b9e2030132b64177278c332859a30802fbdcd31e85235bf0e7def5e6c583978f34f55ac3adb735db9f6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e41f6ca4c413bf70ac2ba30589c72cc8
SHA1 b5e846a4f5e7c70f8159f2ef8c44703f5434abb7
SHA256 caa92a998b1cbfaf047ca8772ad806d6d50a3047b6c689bd32f9a4efcfa8b913
SHA512 e204e2cdfdb0cf5d187e9d3774b5f60b2048275ac1ed4db95e0ca4c5e24324ddb29f8a123f00f701d439c553ced5f4f05fc42e23b3ecd4db9b6a529bd4a65f92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ec0710c045db5e52e63d4b5b7ce05454
SHA1 ada5cfc4990c08307687ed0484b249a3960f5c42
SHA256 19cc9602011aeb4c2b5e7f0fb500f42cf7188f2586e1cbcc075b0e7c434d1b45
SHA512 964e4692c368c6b669263780d9991982c42a1d69bd62021ac7dee5cf4cc42e3493d740d8fe53ad5513ed2c52faed32fd671e31f5925cdd1642ef1606694cc3d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a74e3f04b9980f569b2aec3e106c95bd
SHA1 ccff2f045cc266ae62fc60f111fc4eaad6623147
SHA256 bd98c5a0a109ca45bacf2d3b0918ab2047bebea3c1efdaccc21534fca855e394
SHA512 ba4a11b88281275fc3a507e67698fc4e24db1feeea695941258cd6b592888f701a860534d8a955714153221ea43c1816b907f19cc13451373c9e5e5316c1b75c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1c2ccb29f9c19258385572a723e9a0f0
SHA1 b74e2a438b06d808fe35fd52ef160093a7979b3b
SHA256 96191fd8aba5dd50b9c1d99679680f54416af9415f96e107ac80e825a7ed82e6
SHA512 71e011532ae7612a1956abe3128b23ecd33f66dbe3cc2c8b4e0f5a4aabb90dbbe9878e323859061e5fc2ac766f1fb113623440e498836254a0cb343c51f985f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d395cd79070b16e6b3654d675c710d8d
SHA1 c48d7c3e770493d20f4587354fcd0bc1a51548e0
SHA256 81eb08618b9f805f56454c1fe025dcef682e272c2a36af646f3518a477b54dc1
SHA512 2ed8cc004eb22cd070a2e8026f886f370d52ffca644673be20c3d79e34acd8760d926ef8225c2038aa477b23801b0e68fbb8e163cb8c45c19c6992d55deb5f4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 8d884a0956d8ed604b0299341bf40c7a
SHA1 17e445705f3766e0a76880a0da0816a3bf0dcdce
SHA256 61d90dab400cb68f00abc6a9d4b298228cbaed541228ec7497239cb9dba9291c
SHA512 b2bd30579016f5ca1a5c32b36edbf78087fcac641280f165f4f0f785167ae6b6236e6e7240716b19747d576bdd7aaa0086ac4abb22454133ceae049c66017cd5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 756c47a1559bf547e471be0ad3f02805
SHA1 9f478f0faa553f9f7dfce8e6f2e9aa5585e788be
SHA256 27a98f1e010d53794a2eb975cbe8b31ca676611931ae613db711fbfc902b6a53
SHA512 709f41cdd1ccaa41de74f9d370615cb37280a52a594710d66416ee673e51105635c56d93af1a6f938d93f99427a4b6c46cf381947554df8e8bcbd1f3c1a0de7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e85092a4fd8203300f2e45a41c2c32e6
SHA1 4a71da183b9f11ba1fa6371b6fd2ca62f99d0719
SHA256 650493398044054b2dd63439f7891d3938abb0cf232b4006d8c1204d4d1849a9
SHA512 ec7fda24fb01761712043571b8d2e83ce3de06625073e0be1ce45f9dcb704fa59d05018b4ad0fdf8bfbfefbef919317eba6de7cc83eb8e1bff4b4c591cfe940e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 756555c8a249499ef04f34a32656b0d4
SHA1 4615210e736c97d53271a17a3e27c21296b9aa14
SHA256 f7040ba8c47d4cb6979f1e435dc19aad8a068248eeba8e5ef05c11b596bb6b46
SHA512 16c70a7cf60e3752f15b3118e0003829a28850411ba2328a74e70bbaaf0abf0d048e717183d566eba4ca89c623e228d2e484c95103f16c94f44f15d4686efdd2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 843648290740feb1cb7a519c73a37e91
SHA1 9347fb317c2a19bf810c6a57c7987327516b6ff1
SHA256 33e54cb9325eb13a4c8c123a06675dacef1604bf318ef7fcdfd52f0313f34d98
SHA512 79dfa1cf5f33ab18410e0f358385b2ab9b5c9d727b2e8eb5477aebc3d7cf34c1126c334bd2988d385de7c33bdcac3f5f525c064653cf3f40522e3cd0a03eb3c1

C:\Users\Admin\Downloads\lnstaller.rar.crdownload

MD5 9f929cbe6bcd1b5936c3a0bba0f88f95
SHA1 787264956d5dcc3c32a1f7feb31986c39d696135
SHA256 2c9b8de48fb7acc67737f9bc248a903a8f5ae1de237aa3d3ea50538d96927926
SHA512 66d930d9f7c826e9050bff17efb309f2fe8529ec0a792cfa414f92c959e4b30fa03d77bbe43c39040b4fe4068f02c2c88b583621ea31c2ee6b23554bfdc9e984

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bca290ae6a2a551a32b9ad37d5758874
SHA1 72b7bf8bf17424a5ddcbd31eae0439eb9c180f6d
SHA256 652f02a5a002e383d6bbddea089ada962b747ea52c1555b7437b8502309b15ca
SHA512 cffc50c0f72a037f6405878a5d97382c4aa3082a860a873a5603685861ac182cad87dc95b4c419b14c4119688b50324e28deb38bd7b6e41f3db62d2b977dddb2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2bcf21d25ee2215eb7cc8533165f19ee
SHA1 e11a5da531a7f947f7dde58cbca967bbd5d6ec1a
SHA256 a7ecc12c40d6975e2d32e21c1c87c51494772af877d30147371a68044f271e84
SHA512 7239eee2ceb6da41b3cc0fbba50e49e1ff8627deebbfebb9c7636bf8a9e368ede943d54c77870e3ff324980e0b947490ec32230dc1f70e904808495b88afcb41

C:\Users\Admin\Desktop\lnstaller\Setup.exe

MD5 ce9903e5b7a9e6c90024b0a464b41563
SHA1 f6d2a961a83eeff8d37fc8b43530451997a23966
SHA256 bce765dc1c317a4a09000a228a3ce7ba93d802fbb5c7934618f847f5c467aae0
SHA512 3c7aae290acd1701a7035519db4dabc4a26ac36138cfa16947d3ee24cfc30df45fcad1cbd251802c9791a071fafeafe2ed3631f26f1806ca3295ab66a71d49e5

memory/4460-801-0x0000000000E60000-0x0000000000ED4000-memory.dmp

memory/3760-805-0x0000000000400000-0x000000000044E000-memory.dmp

memory/4460-806-0x0000000000E60000-0x0000000000ED4000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0a833949a656dc7e10468cde76d2bffc
SHA1 f7a73c9db5b455d8a76cfa19628b988f8aacdbe1
SHA256 a60b22a57fc8a8ab36da0faf8e79b263547e685e243649f2bab647d37eb72e13
SHA512 1b8980e721562f332f430f8e9ad6d4ce098f150df7f7529ee3a71fdfd4fd4e996439b4ccbfc461c54dd23a292830f657c43155289cca3f6ada31542c27831976

memory/1264-818-0x000001AC79E50000-0x000001AC79E51000-memory.dmp

memory/1264-816-0x000001AC79E50000-0x000001AC79E51000-memory.dmp

memory/1264-817-0x000001AC79E50000-0x000001AC79E51000-memory.dmp

memory/1264-822-0x000001AC79E50000-0x000001AC79E51000-memory.dmp

memory/1264-823-0x000001AC79E50000-0x000001AC79E51000-memory.dmp

memory/1264-824-0x000001AC79E50000-0x000001AC79E51000-memory.dmp

memory/1264-825-0x000001AC79E50000-0x000001AC79E51000-memory.dmp

memory/1264-827-0x000001AC79E50000-0x000001AC79E51000-memory.dmp

memory/1264-826-0x000001AC79E50000-0x000001AC79E51000-memory.dmp

memory/1264-828-0x000001AC79E50000-0x000001AC79E51000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 99bbf9fdf4b7fc98c0614c49443ed40c
SHA1 a0366cae1f0c4df96a6be554d73d9131fd9217c0
SHA256 51568db7a92f655112aefa414585c968410b29820ceb1157dc0d5a6bfda21392
SHA512 7d714d034adca78c133c47a8d8c10595f8856c78daf263d5d621d8aabce6bea511bfa7ea14e606b0cdf944a44caa26b468bab33ed1f78f108a1c375da51ffe09

memory/3480-846-0x0000000000E60000-0x0000000000ED4000-memory.dmp

memory/1668-849-0x0000000000400000-0x000000000044E000-memory.dmp

memory/2408-853-0x0000000000E60000-0x0000000000ED4000-memory.dmp

memory/2168-855-0x0000000000400000-0x000000000044E000-memory.dmp

memory/1668-856-0x0000000000400000-0x000000000044E000-memory.dmp

memory/1120-859-0x0000000000E60000-0x0000000000ED4000-memory.dmp

memory/3924-862-0x0000000000400000-0x000000000044E000-memory.dmp

memory/3012-865-0x0000000000E60000-0x0000000000ED4000-memory.dmp

memory/5092-868-0x0000000000400000-0x000000000044E000-memory.dmp

memory/3924-869-0x0000000000400000-0x000000000044E000-memory.dmp

memory/3988-872-0x0000000000E60000-0x0000000000ED4000-memory.dmp

memory/348-875-0x0000000000400000-0x000000000044E000-memory.dmp

memory/952-878-0x0000000000E60000-0x0000000000ED4000-memory.dmp

memory/4860-881-0x0000000000400000-0x000000000044E000-memory.dmp

memory/4672-883-0x0000000000E60000-0x0000000000ED4000-memory.dmp

memory/2724-887-0x0000000000400000-0x000000000044E000-memory.dmp

memory/4672-888-0x0000000000E60000-0x0000000000ED4000-memory.dmp

memory/348-889-0x0000000000400000-0x000000000044E000-memory.dmp

memory/2724-890-0x0000000000400000-0x000000000044E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3846f93283d254e110e320dc9f83cb5a
SHA1 9ebaed07bb1e2f063f6ce32a45e27749548f32fe
SHA256 9968f18e8dea580d7c042e51902057de2cb752097ae31262e5457f665242911a
SHA512 734d6f203836d3023213968b801db0d3730debfea60e76e5d73f2900da4ce0cef88dedd00c528b0009face893ccd0588652846f71649a9adae8c3cb71c0a40ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 af4bb1f3a83245d3702f53f9de485b57
SHA1 cfde634719eb1703986946d47daf7ebb3dd8cf7a
SHA256 dfc4df2eab5b882a6bcab96d5c108ec1bf9e1c474a289a21a9b8ed9db41d6041
SHA512 2188b4a203ff9f3847f14938d038a5fec4b6cf793f80d2092320192a4a187e34eea69532e48c773eeaa658f69e619dfc1b48e6ca2e30a0c302aa9d57f9c7e3fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 4153896d17ef7d09a6cf2695e4c9005c
SHA1 ea6a6f8f9115c09164f16847142d7213bb51f264
SHA256 7d703aa6962c560d2f8c2ac780e5a69b280cbad90792e792ad73f334b5640fa3
SHA512 d3f47e6bd0a39c886832d3bcb7d8f70420ec6485f4e356789d1833bf5655a8855e12928f684059ecc92df6d40974cf297d70ff135c37c917251cdb19b0362c80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 be0ec4302a6f392ea7f5c9cb24d4059d
SHA1 204a02b95ee1d859cc8db34bad403efa18ed88bb
SHA256 a9fe88846839180e3df9488d551b645c1cac1fadc025aee9b18103fd10d05069
SHA512 f957acef05a9099667791f34b76799cb02e4123b4f79bbe669c1150ecc863b96a557022615c7d57194ae2b88a487ad667ac68629aa065c84df298e89a7a02060