Malware Analysis Report

2025-05-05 21:21

Sample ID 240510-r36mmaec92
Target https://gofile.io/d/BZ1Ftt
Tags
persistence pyinstaller
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://gofile.io/d/BZ1Ftt was found to be: Shows suspicious behavior.

Malicious Activity Summary

persistence pyinstaller

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Detects Pyinstaller

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies registry class

NTFS ADS

Opens file in notepad (likely ransom note)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 14:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 14:44

Reported

2024-05-10 14:48

Platform

win10v2004-20240426-en

Max time kernel

53s

Max time network

55s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/BZ1Ftt

Signatures

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\Downloads\lock2go\lock2goV1.3.EXE N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598260821605397" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1332 wrote to memory of 2732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 2732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 1408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1332 wrote to memory of 4240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/BZ1Ftt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1e89ab58,0x7fff1e89ab68,0x7fff1e89ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4340 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3256 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4648 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\lock2go\" -spe -an -ai#7zMap30104:76:7zEvent32186

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\lock2go\instructions.txt

C:\Users\Admin\Downloads\lock2go\lock2goV1.3.EXE

"C:\Users\Admin\Downloads\lock2go\lock2goV1.3.EXE"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 gofile.io udp
FR 51.178.66.33:443 gofile.io tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.66.178.51.in-addr.arpa udp
US 8.8.8.8:53 api.gofile.io udp
FR 51.38.43.18:443 api.gofile.io tcp
US 8.8.8.8:53 s.gofile.io udp
FR 51.75.242.210:443 s.gofile.io tcp
FR 51.75.242.210:443 s.gofile.io tcp
US 8.8.8.8:53 18.43.38.51.in-addr.arpa udp
US 8.8.8.8:53 ad.a-ads.com udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
DE 136.243.55.84:443 ad.a-ads.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 static.a-ads.com udp
US 204.79.197.237:443 g.bing.com tcp
DE 148.251.194.214:443 static.a-ads.com tcp
BE 2.17.107.123:443 www.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 210.242.75.51.in-addr.arpa udp
US 8.8.8.8:53 84.55.243.136.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 214.194.251.148.in-addr.arpa udp
US 8.8.8.8:53 123.107.17.2.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 cold1.gofile.io udp
FR 31.14.70.248:443 cold1.gofile.io tcp
FR 31.14.70.248:443 cold1.gofile.io tcp
US 8.8.8.8:53 248.70.14.31.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
BE 2.17.196.104:443 www.bing.com tcp
US 8.8.8.8:53 104.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 139.53.16.96.in-addr.arpa udp

Files

\??\pipe\crashpad_1332_COGGHLAELQQBEMNN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 202f9fdf49bfd3d10c4ac573a2bd0a90
SHA1 d359ec13a3be7bd3d88a6a4dc5019c6cab66b433
SHA256 05d4614a8ab345db220c7a56253af9b5f6154f2382d5576aa15fbbecf6e72573
SHA512 96cb6902b9607caeb9ada0aed8ed41314a26af2338f0f4050eb1ce1925e2b2eda9e81d37bd4986152994298f27b26ef5e66f16cc8c8cb548be1b22d4e5292157

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 24db7cce5642dbc69ad10e138a6df515
SHA1 85d9cd93513ad4cd3380815e4973d3d6e0e40f78
SHA256 b4193a3371e176a083fa65bdb09d0a11a57278247ed2e444b025d63e0e9d220f
SHA512 cf930cb0409c40ef0dbc06ef2218c0ff6299f4dbcdce7a43db7d63dead0f9cbe4f36f869e5d4db8186006245deb2e8b499c5c753210bab28d02243aa365140ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3532691ee76a0d3b3a13338cf900d4ac
SHA1 56608d519bd5b58bb5a5fa5946702fa9ce0f22bc
SHA256 ecd5a944343472d48fd5c604ea3a2831fe83b8ad768eb936a129149ccdc7cbed
SHA512 d3809f9e1ebc6482b729331a96678ec8c43ecd2d5a14e262fb8f0b7d13657e6a625e6b7191184af358f28b0d78a8d5f7012a4d959d453b7fc9aa269beb464ef5

C:\Users\Admin\Downloads\lock2go.rar

MD5 42b986dd380d029466a821faf08a48f6
SHA1 5692ca918e1fcdf6ba36a0c4153042b404eb5746
SHA256 5ebe5f043379b3e10bb40e8a27653b93e71f51c848f7d19a96cfbe2b4d5615b5
SHA512 d28bf00fbba9579bc1a38ca06d20697d9ea7d9d7e69023923b38b4788adcde5bf15515328732eba4b56dc00695f5b096205166c2505353f610b5125fc30b9c60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2e7849003953e381c0f08f25523ac619
SHA1 3b19fd96278289931cce71b9223451a64cbf500b
SHA256 681093bcd79268c67b2b367091679e2375d73f181209a8092bbe6ad54168432a
SHA512 de3e8f86904d1d73aa9ed1173a66c8f9b5778752ffa16e0415beab5c3e94a20d97ce1430e7c9b3e5ce1577d3287de7be7bded0d6d8b0c9ffdf36d1182a6f9313

C:\Users\Admin\Downloads\lock2go\instructions.txt

MD5 980fca82625fc2609334e91ddfe3c797
SHA1 45309187d31395dd50b51482d930b9461290f2c8
SHA256 bf9d27f8636e27c64b21a5ec00482fa8d8dc022e6bd12e3a63f0800d51d9558d
SHA512 7b6a455dacd57ca3bf2453fa7e88bebb2813dddf9406d41efd1dc0a387fcb58a60e0055273a31c6b08d23dfa44bae648169d0288a5ac051258670d2b4a0199db

C:\Users\Admin\Downloads\lock2go\lock2goV1.3.EXE

MD5 fe08519e7e60cdeb45a8c59194c9530a
SHA1 81b021f5609b30203b5c6c2f3d641b221767bf38
SHA256 beda349bcb2fbd6e9300e4cc2f6e2d04dec80a43871dd85fb93868055a677bf3
SHA512 d57a749c59deb2d774cca6671e3030f55c66858f8ff7b428f5a160c67d2335c4b2c0c4a25d70e82fe5649d5fcfafa1884f395e502c0590433ea2ffd48f75048d

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe

MD5 1865683e49a401e02e57058ae9761c92
SHA1 4fe814655b0b2cbfb4fe56daf7fb3e059ba75560
SHA256 008dc90ac87b8733886c2a312a3521b9e863005fd24db53cce79aff021050619
SHA512 b5016041f8285990ec90c3efd5eaba01c90feb67ebc8c5759a5a336dc0896fefa37c08ea6a6412e8e6458dec6e152669ce57462bba6006e0818ac77aa505a336

C:\Users\Admin\AppData\Local\Temp\_MEI10162\python311.dll

MD5 b8769a867abc02bfdd8637bea508cab2
SHA1 782f5fb799328c001bca77643e31fb7824f9d8cc
SHA256 9cf39945840ee8d769e47ffdb554044550b5843b29c68fa3849ba9376c3a7ec8
SHA512 bf01e343877a92d458373c02a9d64426118915ade324cf12d6ff200970da641358e8f362732cd9a8508845e367313c9bab2772d59a9ae8d934cd0dd7d28535b3

C:\Users\Admin\AppData\Local\Temp\_MEI10162\VCRUNTIME140.dll

MD5 1e6e97d60d411a2dee8964d3d05adb15
SHA1 0a2fe6ec6b6675c44998c282dbb1cd8787612faf
SHA256 8598940e498271b542f2c04998626aa680f2172d0ff4f8dbd4ffec1a196540f9
SHA512 3f7d79079c57786051a2f7facfb1046188049e831f12b549609a8f152664678ee35ad54d1fff4447428b6f76bea1c7ca88fa96aab395a560c6ec598344fcc7fa

C:\Users\Admin\AppData\Local\Temp\_MEI10162\base_library.zip

MD5 83d235e1f5b0ee5b0282b5ab7244f6c4
SHA1 629a1ce71314d7abbce96674a1ddf9f38c4a5e9c
SHA256 db389a9e14bfac6ee5cce17d41f9637d3ff8b702cc74102db8643e78659670a0
SHA512 77364aff24cfc75ee32e50973b7d589b4a896d634305d965ecbc31a9e0097e270499dbec93126092eb11f3f1ad97692db6ca5927d3d02f3d053336d6267d7e5f

C:\Users\Admin\AppData\Local\Temp\_MEI10162\libcrypto-1_1.dll

MD5 90311ea0cc27e27d2998969c57eba038
SHA1 4653f1261fb7b16bc64c72833cfb93f0662d6f6d
SHA256 239d518dd67d8c2bbf6aeaded86ed464865e914db6bf3b115973d525ebd7d367
SHA512 6e2f839fb8d7aaab0b51778670da104c36355e22991eae930d2eaecabab45b40fda5e2317f1c928a803146855ac5553e4e464a65213696311c206bec926775d8

C:\Users\Admin\AppData\Local\Temp\_MEI10162\_tkinter.pyd

MD5 992ec7ea4dcbb3cdbe94f3099f5e7ca2
SHA1 85520ae918f92144c29b916bd94d3657e7485d73
SHA256 eceb324020654062f58a9b7947b98ffb57c7b75d2899840c34845e4cd5ef520f
SHA512 ba0e4fe67de83f9719c2e69f5ac52ab4c3fb2ba8d23981930a8a9ae103c97bd8d867f56a7a156803dc039aaf4701d78f816d96454a3260c409923b937dd96a1e

C:\Users\Admin\AppData\Local\Temp\_MEI10162\_socket.pyd

MD5 b55ce33c6ba6d7af221f3d8b1a30a6f7
SHA1 b8696ed5b7a52c9bfda5c1ea4bd43a9ecc17fed0
SHA256 ec5817b46539f9a5cbf1525cf7c714bc0e9f5a918fc4b963dec9c301b86c7d1f
SHA512 4d15d90dd2bacc8c9537533b1267455fbc030e38546c1f6f4eb7dabe690c744471bd45c079f0c711b9eca330f1a413ea37fc6b08810854d5f51b69b19e991462

C:\Users\Admin\AppData\Local\Temp\_MEI10162\_lzma.pyd

MD5 b4251ed45538a2a7d79737db8fb139db
SHA1 cded1a4637e7e18684d89cd34c73cfae424183e6
SHA256 caad390c4c3c6b1e50a33754a0af7d2c3f4b1245c8ead79ff7f7be0e5654e210
SHA512 d40f7de85c8dbb3e16135e1f8d8ce829cb681eaab49c6f4c40792fa8f733743df70cfa7c6224e06bff68214069f90cd960970ac47d0348e9827a2136789c43c1

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk86t.dll

MD5 2d22c933ab895730b49058514ac16a5f
SHA1 86a589ea7a942f9f09adc99e037ccb7bfabe28e1
SHA256 f37b85b38f04303a1394c95dd2e67f08efbde1bafd9bfc3b2403e171bf5f979b
SHA512 5d697895c728b3c5fb4a2d16ee5bde3b9644365af8b35dbc221b01ed3462896f8d8c8fd5fa946ce7f1a65d0f561b7d0fc18befb9b3257b3728bc99cdf58973c4

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tcl86t.dll

MD5 d99809b3282ce68bffc5ee22ff7f78e3
SHA1 9608d2e0d5c8f786ad8e6d74fb8ec0592700e860
SHA256 7ed409592314926d14c5d1663fce0701d1b0a2bc6d0360bfbe4014efd230f7df
SHA512 8492114f53f7feab88c3ea414e248a83db779e8c31c1289fece4085b9e916c6a189ee6a058a9dbca3f84b053a873d9ef6832673cf1df787a20bf8a15e5a28a66

C:\Users\Admin\AppData\Local\Temp\_MEI10162\_hashlib.pyd

MD5 303a1d7d21ca6e625950a966d17f86be
SHA1 660aaad68207dc0a4d757307ad57e86b120f2d91
SHA256 53180306bad339e76cc427009db15f124f49d4c879676258264365a7e2ed703f
SHA512 99036d59cad6f286e8f901acadcc7db192bb385699228b1b34907ea49fb5ff07b636550c04f0d4b70f161a26ea2e58794d9080d69d053ada08d2ad9bd3f861df

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tcl\init.tcl

MD5 982eae7a49263817d83f744ffcd00c0e
SHA1 81723dfea5576a0916abeff639debe04ce1d2c83
SHA256 331bcf0f9f635bd57c3384f2237260d074708b0975c700cfcbdb285f5f59ab1f
SHA512 31370d8390c4608e7a727eed9ee7f4c568ecb913ae50184b6f105da9c030f3b9f4b5f17968d8975b2f60df1b0c5e278512e74267c935fe4ec28f689ac6a97129

C:\Users\Admin\AppData\Local\Temp\_MEI10162\_decimal.pyd

MD5 bcdbf3a04a8bfd8c8a9624996735fc1a
SHA1 08d35c136fe5c779b67f56ae7165b394d5c8d8ef
SHA256 1f6db9be716626f6803cefd646fbbc478878c6acce597d9f6c5776dc7b69d3c7
SHA512 d22195c0a0535f7986d0a6d0bb820d36c8824a0b15378cb5d5ab0f334064896e0d64ed880d706f80e0b96d022631fc6b4fcc47371ca1d5cdd2c37dd75c62274b

C:\Users\Admin\AppData\Local\Temp\_MEI10162\_bz2.pyd

MD5 f73ea2b834471fb01d491a65caa1eea3
SHA1 00e888645e0a1638c639a2c21df04a3baa4c640a
SHA256 8633e8ad7172b095ed7ba40fa1039a64b04b20e6f42ac428e103d0c793831bda
SHA512 b8329b33d78458c2ac7979a5c5a19bd37ea9a473682d23faf54e77cfc5edadc0426490add9864e99a719ac5b4a57c5326ed82496adf80afd1876577caa608418

C:\Users\Admin\AppData\Local\Temp\_MEI10162\unicodedata.pyd

MD5 b98d5dd9980b29ce394675dc757509b8
SHA1 7a3ad4947458baa61de998bc8fde1ef736a3a26c
SHA256 1498105d00434a5ebbaa6bee2e5f5677c34a948b2073d789f4d4b5968a4c8aaf
SHA512 ba7e52deaf88aab062646d6a70f9e15016fcbdcf55a4f16d8c73ea6a63ad591eb3b623514a9fecc03188b1d1eb55a6b168da55bb035dc7d605cae53def2b65f2

C:\Users\Admin\AppData\Local\Temp\_MEI10162\select.pyd

MD5 aae48cf580702fec3a79524d1721305c
SHA1 33f68231ff3e82adc90c3c9589d5cc918ad9c936
SHA256 93b2b54c80d03ff7ade5fe4cd03baed8c5b5a8e1edcd695a53bae2e369006265
SHA512 1c826364015684bb3fb36ce1fcb608da88f4c74b0eec6b53f4ca07b5ea99fee8b4e318c1570ce358cefd6b7bdf21b046b1375c3d687f6d0d08bf7b955568a1c6

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tcl\encoding\cp1252.enc

MD5 e9117326c06fee02c478027cb625c7d8
SHA1 2ed4092d573289925a5b71625cf43cc82b901daf
SHA256 741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e
SHA512 d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tcl\auto.tcl

MD5 08edf746b4a088cb4185c165177bd604
SHA1 395cda114f23e513eef4618da39bb86d034124bf
SHA256 517204ee436d08efc287abc97433c3bffcaf42ec6592a3009b9fd3b985ad772c
SHA512 c1727e265a6b0b54773c886a1bce73512e799ba81a4fceeeb84cdc33f5505a5e0984e96326a78c46bf142bc4652a80e213886f60eb54adf92e4dffe953c87f6b

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\button.tcl

MD5 aeb53f7f1506cdfdfe557f54a76060ce
SHA1 ebb3666ee444b91a0d335da19c8333f73b71933b
SHA256 1f5dd8d81b26f16e772e92fd2a22accb785004d0ed3447e54f87005d9c6a07a5
SHA512 acdad4df988df6b2290fc9622e8eaccc31787fecdc98dcca38519cb762339d4d3fb344ae504b8c7918d6f414f4ad05d15e828df7f7f68f363bec54b11c9b7c43

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\icons.tcl

MD5 995a0a8f7d0861c268aead5fc95a42ea
SHA1 21e121cf85e1c4984454237a646e58ec3c725a72
SHA256 1264940e62b9a37967925418e9d0dc0befd369e8c181b9bab3d1607e3cc14b85
SHA512 db7f5e0bc7d5c5f750e396e645f50a3e0cde61c9e687add0a40d0c1aa304ddfbceeb9f33ad201560c6e2b051f2eded07b41c43d00f14ee435cdeee73b56b93c7

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\ttk\scrollbar.tcl

MD5 3fb31a225cec64b720b8e579582f2749
SHA1 9c0151d9e2543c217cf8699ff5d4299a72e8f13c
SHA256 6eaa336b13815a7fc18bcd6b9adf722e794da2888d053c229044784c8c8e9de8
SHA512 e6865655585e3d2d6839b56811f3fd86b454e8cd44e258bb1ac576ad245ff8a4d49fbb7f43458ba8a6c9daac8dfa923a176f0dd8a9976a11bea09e6e2d17bf45

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\ttk\menubutton.tcl

MD5 4c8d90257d073f263b258f00b2a518c2
SHA1 7b58859e9b70fb37f53809cd3ffd7cf69ab310d8
SHA256 972b13854d0e9b84de338d6753f0f11f3a8534e7d0e51838796dae5a1e2e3085
SHA512 ed67f41578ee834ee8db1fded8aa069c0045e7058e338c451fa8e1ade52907bed0c95631c21b8e88461571903b3da2698a29e47f990b7a0f0dd3073e7a1bcadc

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\ttk\button.tcl

MD5 d4bf1af5dcdd85e3bd11dbf52eb2c146
SHA1 b1691578041319e671d31473a1dd404855d2038b
SHA256 e38a9d1f437981aa6bf0bdd074d57b769a4140c0f7d9aff51743fe4ecc6dfddf
SHA512 25834b4b231f4ff1a88eef67e1a102d1d0546ec3b0d46856258a6be6bbc4b381389c28e2eb60a01ff895df24d6450cd16ca449c71f82ba53ba438a4867a47dcd

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\ttk\utils.tcl

MD5 d98edc491da631510f124cd3934f535f
SHA1 33037a966067c9f5c9074ae5532ff3b51b4082d4
SHA256 d58610a34301bb6e61a60bec69a7cecf4c45c6a034a9fc123977174b586278be
SHA512 23faed8298e561f490997fe44ab61cd8ccb9f1f63d48bb4cf51fc9e591e463ff9297973622180d6a599cabb541c82b8fe33bf38a82c5d5905bbfa52ca0341399

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\ttk\cursors.tcl

MD5 18ec3e60b8dd199697a41887be6ce8c2
SHA1 13ff8ce95289b802a5247b1fd9dea90d2875cb5d
SHA256 7a2ed9d78fabcafff16694f2f4a2e36ff5aa313f912d6e93484f3bcd0466ad91
SHA512 4848044442efe75bcf1f89d8450c8ecbd441f38a83949a3cd2a56d9000cacaa2ea440ca1b32c856ab79358ace9c7e3f70ddf0ec54aa93866223d8fef76930b19

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\ttk\fonts.tcl

MD5 80331fcbe4c049ff1a0d0b879cb208de
SHA1 4eb3efdfe3731bd1ae9fd52ce32b1359241f13cf
SHA256 b94c319e5a557a5665b1676d602b6495c0887c5bacf7fa5b776200112978bb7b
SHA512 a4bd2d91801c121a880225f1f3d0c4e30bf127190cf375f6f7a49eb4239a35c49c44f453d6d3610df0d6a7b3cb15f4e79bd9c129025cc496ceb856fcc4b6de87

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\ttk\ttk.tcl

MD5 af45b2c8b43596d1bdeca5233126bd14
SHA1 a99e75d299c4579e10fcdd59389b98c662281a26
SHA256 2c48343b1a47f472d1a6b9ee8d670ce7fb428db0db7244dc323ff4c7a8b4f64b
SHA512 c8a8d01c61774321778ab149f6ca8dda68db69133cb5ba7c91938e4fd564160ecdcec473222affb241304a9acc73a36b134b3a602fd3587c711f2adbb64afa80

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\text.tcl

MD5 7c2ac370de0b941ae13572152419c642
SHA1 7598cc20952fa590e32da063bf5c0f46b0e89b15
SHA256 4a42ad370e0cd93d4133b49788c0b0e1c7cd78383e88bacb51cb751e8bfda15e
SHA512 8325a33bfd99f0fce4f14ed5dc6e03302f6ffabce9d1abfefc24d16a09ab3439a4b753cbf06b28d8c95e4ddabfb9082c9b030619e8955a7e656bd6c61b9256c3

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\spinbox.tcl

MD5 77dfe1baccd165a0c7b35cdeaa2d1a8c
SHA1 426ba77fc568d4d3a6e928532e5beb95388f36a0
SHA256 2ff791a44406dc8339c7da6116e6ec92289bee5fc1367d378f48094f4abea277
SHA512 e56db85296c8661ab2ea0a56d9810f1a4631a9f9b41337560cbe38ccdf7dd590a3e65c22b435ce315eff55ee5b8e49317d4e1b7577e25fc3619558015dd758eb

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\scrlbar.tcl

MD5 5249cd1e97e48e3d6dec15e70b9d7792
SHA1 612e021ba25b5e512a0dfd48b6e77fc72894a6b9
SHA256 eec90404f702d3cfbfaec0f13bf5ed1ebeb736bee12d7e69770181a25401c61f
SHA512 e4e0ab15eb9b3118c30cd2ff8e5af87c549eaa9b640ffd809a928d96b4addefb9d25efdd1090fbd0019129cdf355bb2f277bc7194001ba1d2ed4a581110ceafc

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\scale.tcl

MD5 857add6060a986063b0ed594f6b0cd26
SHA1 b1981d33ddea81cfffa838e5ac80e592d9062e43
SHA256 0da2dc955ffd71062a21c3b747d9d59d66a5b09a907b9ed220be1b2342205a05
SHA512 7d9829565efc8cdbf9249913da95b02d8dadfdb3f455fd3c10c5952b5454fe6e54d95c07c94c1e0d7568c9742caa56182b3656e234452aec555f0fcb76a59fb1

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\panedwindow.tcl

MD5 286c01a1b12261bc47f5659fd1627abd
SHA1 4ca36795cab6dfe0bbba30bb88a2ab71a0896642
SHA256 aa4f87e41ac8297f51150f2a9f787607690d01793456b93f0939c54d394731f9
SHA512 d54d5a89b7408a9724a1ca1387f6473bdad33885194b2ec5a524c7853a297fd65ce2a57f571c51db718f6a00dce845de8cf5f51698f926e54ed72cdc81bcfe54

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\menu.tcl

MD5 078782cd05209012a84817ac6ef11450
SHA1 dba04f7a6cf34c54a961f25e024b6a772c2b751d
SHA256 d1283f67e435aab0bdbe9fdaa540a162043f8d652c02fe79f3843a451f123d89
SHA512 79a031f7732aee6e284cd41991049f1bb715233e011562061cd3405e5988197f6a7fb5c2bbddd1fb9b7024047f6003a2bf161fc0ec04876eff5335c3710d9562

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\listbox.tcl

MD5 804e6dce549b2e541986c0ce9e75e2d1
SHA1 c44ee09421f127cf7f4070a9508f22709d06d043
SHA256 47c75f9f8348bf8f2c086c57b97b73741218100ca38d10b8abdf2051c95b9801
SHA512 029426c4f659848772e6bb1d8182eb03d2b43adf68fcfcc1ea1c2cc7c883685deda3fffda7e071912b9bda616ad7af2e1cb48ce359700c1a22e1e53e81cae34b

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\entry.tcl

MD5 f109865c52d1fd602e2d53e559e56c22
SHA1 5884a3bb701c27ba1bf35c6add7852e84d73d81f
SHA256 af1de90270693273b52fc735da6b5cd5ca794f5afd4cf03ffd95147161098048
SHA512 b2f92b0ac03351cdb785d3f7ef107b61252398540b5f05f0cc9802b4d28b882ba6795601a68e88d3abc53f216b38f07fcc03660ab6404cf6685f6d80cc4357fc

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tcl\opt0.4\pkgIndex.tcl

MD5 07532085501876dcc6882567e014944c
SHA1 6bc7a122429373eb8f039b413ad81c408a96cb80
SHA256 6a4abd2c519a745325c26fb23be7bbf95252d653a24806eb37fd4aa6a6479afe
SHA512 0d604e862f3a1a19833ead99aaf15a9f142178029ab64c71d193cee4901a0196c1eeddc2bce715b7fa958ac45c194e63c77a71e4be4f9aedfd5b44cf2a726e76

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tcl\http1.0\pkgIndex.tcl

MD5 a387908e2fe9d84704c2e47a7f6e9bc5
SHA1 f3c08b3540033a54a59cb3b207e351303c9e29c6
SHA256 77265723959c092897c2449c5b7768ca72d0efcd8c505bddbb7a84f6aa401339
SHA512 7ac804d23e72e40e7b5532332b4a8d8446c6447bb79b4fe32402b13836079d348998ea0659802ab0065896d4f3c06f5866c6b0d90bf448f53e803d8c243bbc63

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\pkgIndex.tcl

MD5 3367ce12a4ba9baaf7c5127d7412aa6a
SHA1 865c775bb8f56c3c5dfc8c71bfaf9ef58386161d
SHA256 3f2539e85e2a9017913e61fe2600b499315e1a6f249a4ff90e0b530a1eeb8898
SHA512 f5d858f17fe358762e8fdbbf3d78108dba49be5c5ed84b964143c0adce76c140d904cd353646ec0831ff57cd0a0af864d1833f3946a235725fff7a45c96872eb

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tcl\package.tcl

MD5 ddb0ab9842b64114138a8c83c4322027
SHA1 eccacdc2ccd86a452b21f3cf0933fd41125de790
SHA256 f46ab61cdebe3aa45fa7e61a48930d64a0d0e7e94d04d6bf244f48c36cafe948
SHA512 c0cf718258b4d59675c088551060b34ce2bc8638958722583ac2313dc354223bfef793b02f1316e522a14c7ba9bed219531d505de94dc3c417fc99d216a01463

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tcl8\8.5\msgcat-1.6.1.tm

MD5 bd4ff2a1f742d9e6e699eeee5e678ad1
SHA1 811ad83aff80131ba73abc546c6bd78453bf3eb9
SHA256 6774519f179872ec5292523f2788b77b2b839e15665037e097a0d4edddd1c6fb
SHA512 b77e4a68017ba57c06876b21b8110c636f9ba1dd0ba9d7a0c50096f3f6391508cf3562dd94aceaf673113dbd336109da958044aefac0afb0f833a652e4438f43

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tcl\tm.tcl

MD5 215262a286e7f0a14f22db1aa7875f05
SHA1 66b942ba6d3120ef8d5840fcdeb06242a47491ff
SHA256 4b7ed9fd2363d6876092db3f720cbddf97e72b86b519403539ba96e1c815ed8f
SHA512 6ecd745d7da9d826240c0ab59023c703c94b158ae48c1410faa961a8edb512976a4f15ae8def099b58719adf0d2a9c37e6f29f54d39c1ab7ee81fa333a60f39b

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tk\tk.tcl

MD5 338184e46bd23e508daedbb11a4f0950
SHA1 437db31d487c352472212e8791c8252a1412cb0e
SHA256 0f617d96cbf213296d7a5f7fcffbb4ae1149840d7d045211ef932e8dd66683e9
SHA512 8fb8a353eecd0d19638943f0a9068dccebf3fb66d495ea845a99a89229d61a77c85b530f597fd214411202055c1faa9229b6571c591c9f4630490e1eb30b9cd3

C:\Users\Admin\AppData\Local\Temp\_MEI10162\tcl\tclIndex

MD5 c62fb22f4c9a3eff286c18421397aaf4
SHA1 4a49b8768cff68f2effaf21264343b7c632a51b2
SHA256 ddf7e42def37888ad0a564aa4f8ca95f4eec942cebebfca851d35515104d5c89
SHA512 558d401cb6af8ce3641af55caebc9c5005ab843ee84f60c6d55afbbc7f7129da9c58c2f55c887c3159107546fa6bc13ffc4cca63ea8841d7160b8aa99161a185

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 14:44

Reported

2024-05-10 14:52

Platform

win11-20240419-en

Max time kernel

209s

Max time network

203s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/BZ1Ftt

Signatures

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\Downloads\lock2go\lock2go\lock2goV1.3.EXE N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598261589427246" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\lock2go.rar:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4292 wrote to memory of 4596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 4596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4292 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/BZ1Ftt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95eb8cc40,0x7ff95eb8cc4c,0x7ff95eb8cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1796 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2336 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3108 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3132 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4104,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2924 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3356,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4736 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4964,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4312 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3304,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3296 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5196,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3292 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\lock2go\lock2go\" -spe -an -ai#7zMap2899:92:7zEvent4850

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\Downloads\lock2go\lock2go\lock2goV1.3.EXE

"C:\Users\Admin\Downloads\lock2go\lock2go\lock2goV1.3.EXE"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 gofile.io udp
FR 151.80.29.83:443 api.gofile.io tcp
US 8.8.8.8:53 83.29.80.151.in-addr.arpa udp
FR 51.38.43.18:443 api.gofile.io tcp
FR 51.75.242.210:443 s.gofile.io tcp
FR 51.75.242.210:443 s.gofile.io tcp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
DE 78.46.174.169:443 ad.a-ads.com tcp
US 8.8.8.8:53 18.43.38.51.in-addr.arpa udp
US 8.8.8.8:53 210.242.75.51.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
DE 78.46.33.196:443 static.a-ads.com tcp
N/A 224.0.0.251:5353 udp
FR 31.14.70.248:443 cold1.gofile.io tcp
FR 31.14.70.248:443 cold1.gofile.io tcp

Files

\??\pipe\crashpad_4292_AGWHXGSICEUDYIQM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 9b42f565f2b9a89339124b07c1309ae1
SHA1 9b45962c1dc0c84530a8efe41192cf3367ac6302
SHA256 f32b969050078955118af49e72b43b27c12de46c9b62762e6dda3da3cc31a993
SHA512 9e1d1df594c2e06d9a730354e258597d0f973b3be0613f9e72e64a3595768d574fd2e0dc070bc07d82dd4157305bec108de6c1595d4660464f2078f72c8af6f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c9467318054d71ea627fc6ccfd1ab50d
SHA1 77e05b29c7829ec8fd0dd6d9f97465aece38f3fc
SHA256 36779af909cee4b70261c28974b4e2b63c0df0d65791444c568b93a7ab57cb9d
SHA512 4da0965f61848627b3904a03e50a574cf6201e12532ee020c7c183fcf7c9d2acc18ebb0a2c4b630ecf3fd5ea27aecc3b90a08ebb01d79c2c198e5e6e314a3d7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3d526911597ba667494b121e8fc79ae5
SHA1 3f7c114d013e0e45d34196a0eaaf6dee69524753
SHA256 71621ac4fa259fe4bdf283e6bcfb390b1705a7c2f3a4478ab3345a70c157287d
SHA512 3591c893305d40a80bb39c544a83a623e3a69b6b7e54ac6e297d136ec0348b9d9459fefa825ead181f087006a9aa26f5b53e889757beb1770f232e74f55b1ebb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 14e87f223d4367c828999944997e96cc
SHA1 e1e1fbd7e138c5fc954d423c374b37a935a50dc1
SHA256 84ed6550236f2935cf0d98c0ae46185940e9b0649685b2167ade383f6925f214
SHA512 c7d3231437916df84874f68ac86435b02ecd9876963054b4b95a206b6d6aa034caba3ae032bb1307ebb29524c373af6d105bdde73e61e86dd43ebd1c4b425826

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 55b500fc5953edbd50b57d13d6f40474
SHA1 58998f46a48b8cbe35313d07c77a051c374cfe34
SHA256 35f2c1b26a805dfb4286229929da34a601fbf477fa231e12ef6caff325d73e14
SHA512 f2410671722a945f8b76124f002d6dcdc25f313c6542fb7f8fb1f7c0141b8567d9505d9a38cb791bcb33be1fb488495591c24d21db1eb058dcc970f915d8759a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9f47e1dc4e1099c99611edb9f6baa124
SHA1 559f1d246c35792e9dedee18fe0d75c6d0bff3fe
SHA256 f42e8e0d9f7950565362fa8e3d25c970bdfd5a0424b4f4d100cfef5b06518c86
SHA512 16f831a78f20523df884dde0de914a1c1f2baeb20267fb118d002d874b7459ee450ca7070bfd72030288b7891713dbf6199fcc063f9d4c3c188a68bdf9c5717b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1efe5c9ea75fdc5c8fcef822b90f9fec
SHA1 525e6ee8aa69e82d4f8b6575dde98c7fa58bafbc
SHA256 388be31b566c34c77f880982f33f64af00250d4246a59464abdb312eb4ccedf5
SHA512 ec7c377e8928466d1d87181425fd9464f06b5026dd1d9e01d22a2050d2141dbb492bb06a26ad97a54a6750679257a2e2be793a80a3aa92e3d9506b33d2c1abe2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4e7799f1c9c96a7b802fa7d3d00c2c90
SHA1 8518a5646bb9ce5a2e4b847af785f93f46c639e7
SHA256 fdfb2424eb7be780663ca7844c3f9469858ff342cb9c4a7fdbb795e6dea63583
SHA512 f500ac0f7121df624e96d066b599efdeb95a8122b5d168437fe9441a59384b237a70c2f3a6bbf8ce5ae0e2694ca10c50efa9e556917070fabda14460876b2a33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7fe6d851f3c18dbeb01135cf2f6b3162
SHA1 3b49ddb33c3026ea9e6bc010e156e0eea12a9373
SHA256 e96ba1477e05380512aeb2912faec0dd3fc6021045f868d9cd612221a8e06aa4
SHA512 aa393b4b35b220310ac3768f29f9e3fa1d4c58862c9782612937000c107bbb499b29cd85bb386a66157218967e905d9a5da08c501275f638f48018b242d4a017

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4cf4f10595164bb4a6ddcdaa8420a818
SHA1 b18b391275cba06123ea97eecc5aa3d26820063c
SHA256 650e33425ae410d7114e423ee4452d9115fbfa5405f88e3aed2143eaf98ac380
SHA512 8508e815cfc81f69d04cfce257d36440154cc63240095949178c5ab6298047cdf39d04a579c8e1275b688956bb01ff52891007630a244a0c3f1330fc8cecd8a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ae3bb28b88e5908a3e0dcd155344e260
SHA1 348ba0a1622d560655469987a1e20c4c1aa4184a
SHA256 f48617475b926bb207a67f7513862a61dd0a57238b363660570dba4072ff1c3a
SHA512 265681b1311d0afefa073a82343d5f5c58a23c8e56b43b519c49123e6922b9e72b0198d481eda9666ec39d7c6365b8b17005ab5c814479d50cb0671e04f65b62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1634d68ed658085272f84a4951c61ed4
SHA1 0f09b092414f4d42a51090410607df128ebc4cc1
SHA256 db013210b92a5b4c1a0c7c0734b1487e94626f938e8ead00dc453b0693c61617
SHA512 5364da8aa22dca8c788728099940a65fcb0f915ac03c9ee59e086c446e9b2c587295c04655c7d88930d287e2d4e48dc75b7d7760ac415f9667e005cb33b6f6dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 828b5f28a31224b3bd7048cda5014cf7
SHA1 6fe83f640a93834caf394c19091fd2607803b2d6
SHA256 4a2513c7403001293a9d99e909aa9f39d2f69ee2f2a296eb1563feb5db8aca72
SHA512 0b09d17ac9c098639669ba159d3c21603d70c84718df2f6bf55c8709b3c31390180dc1a2acb9494d51a3ebcb097436369a127fe73816dc56c9eda728b6238585

C:\Users\Admin\Downloads\lock2go.rar:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a104b8aa3b9b44607672fe414d96cba2
SHA1 3eef4963d5f30f9d4cb63030754bf64430f63e48
SHA256 f4864c35c9701ac1f645415436c552fb246fa5525c27d3a53751313225749d37
SHA512 1a22617c2df810721c13a7a8735d8055da1074e1bc7c4c02eefe7f04cd2bff14a2a70b25e76d793d4e44f11a32a984d9649acfd3a5af0be269f8dd7f05dbf9ac

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a6206f9ebec8b90fe1e6e5313d0b3fef
SHA1 cedfb3b87a3b3fee4faf3e7aab4d64b3dde25cf7
SHA256 385e27b5aaa84084c1402ddff2b33aa2b1f6918f86fc0ef1fff248e052fb8d71
SHA512 51e147104be5b665cf93db2a60a3ac6e9853fbc2e3dbb3ecbce74e5712f723cb46f7d1520a6114749b5366ca94d0aaae759c3fc5d91297a62c6fdf891bd1b2c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8ffa5ecc7b602772288bbf28e71eac82
SHA1 0dcc8bb050667d7a2fd31660ef59e7df6482298c
SHA256 4cab475a59adf4ffa192cf398c49168a194a3d30ad6cd1c6761f6cc1dee49545
SHA512 7f58206d59aab8c58b82d34f0892a438646869e49e113d4fa37044e1f945ea6136dac3fb7470c0587dfc220178a1bce818b5540fcdb64a5040e837984e57f023

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 abee002895ba394eab1c272a61e3119d
SHA1 cb1fc88ef522b96ae732fb5a64a91b86927c5b4c
SHA256 fa57004e8dc2ced48774e1902cb0b387282dcfc3059a422e0a187b3b0fcb6222
SHA512 4ddad0550f779e0dadaf71697a841fba6e4b0f2c664a9bab5c7a21f78e3226f31353e083051f855f0a0342285995bf878ef727791ac4dbfea95078649c3d7963

C:\Users\Admin\Downloads\lock2go\lock2go\lock2goV1.3.EXE

MD5 fe08519e7e60cdeb45a8c59194c9530a
SHA1 81b021f5609b30203b5c6c2f3d641b221767bf38
SHA256 beda349bcb2fbd6e9300e4cc2f6e2d04dec80a43871dd85fb93868055a677bf3
SHA512 d57a749c59deb2d774cca6671e3030f55c66858f8ff7b428f5a160c67d2335c4b2c0c4a25d70e82fe5649d5fcfafa1884f395e502c0590433ea2ffd48f75048d

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe

MD5 1865683e49a401e02e57058ae9761c92
SHA1 4fe814655b0b2cbfb4fe56daf7fb3e059ba75560
SHA256 008dc90ac87b8733886c2a312a3521b9e863005fd24db53cce79aff021050619
SHA512 b5016041f8285990ec90c3efd5eaba01c90feb67ebc8c5759a5a336dc0896fefa37c08ea6a6412e8e6458dec6e152669ce57462bba6006e0818ac77aa505a336

C:\Users\Admin\AppData\Local\Temp\_MEI31162\python311.dll

MD5 b8769a867abc02bfdd8637bea508cab2
SHA1 782f5fb799328c001bca77643e31fb7824f9d8cc
SHA256 9cf39945840ee8d769e47ffdb554044550b5843b29c68fa3849ba9376c3a7ec8
SHA512 bf01e343877a92d458373c02a9d64426118915ade324cf12d6ff200970da641358e8f362732cd9a8508845e367313c9bab2772d59a9ae8d934cd0dd7d28535b3

C:\Users\Admin\AppData\Local\Temp\_MEI31162\VCRUNTIME140.dll

MD5 1e6e97d60d411a2dee8964d3d05adb15
SHA1 0a2fe6ec6b6675c44998c282dbb1cd8787612faf
SHA256 8598940e498271b542f2c04998626aa680f2172d0ff4f8dbd4ffec1a196540f9
SHA512 3f7d79079c57786051a2f7facfb1046188049e831f12b549609a8f152664678ee35ad54d1fff4447428b6f76bea1c7ca88fa96aab395a560c6ec598344fcc7fa

C:\Users\Admin\AppData\Local\Temp\_MEI31162\base_library.zip

MD5 83d235e1f5b0ee5b0282b5ab7244f6c4
SHA1 629a1ce71314d7abbce96674a1ddf9f38c4a5e9c
SHA256 db389a9e14bfac6ee5cce17d41f9637d3ff8b702cc74102db8643e78659670a0
SHA512 77364aff24cfc75ee32e50973b7d589b4a896d634305d965ecbc31a9e0097e270499dbec93126092eb11f3f1ad97692db6ca5927d3d02f3d053336d6267d7e5f

C:\Users\Admin\AppData\Local\Temp\_MEI31162\_socket.pyd

MD5 b55ce33c6ba6d7af221f3d8b1a30a6f7
SHA1 b8696ed5b7a52c9bfda5c1ea4bd43a9ecc17fed0
SHA256 ec5817b46539f9a5cbf1525cf7c714bc0e9f5a918fc4b963dec9c301b86c7d1f
SHA512 4d15d90dd2bacc8c9537533b1267455fbc030e38546c1f6f4eb7dabe690c744471bd45c079f0c711b9eca330f1a413ea37fc6b08810854d5f51b69b19e991462

C:\Users\Admin\AppData\Local\Temp\_MEI31162\_tkinter.pyd

MD5 992ec7ea4dcbb3cdbe94f3099f5e7ca2
SHA1 85520ae918f92144c29b916bd94d3657e7485d73
SHA256 eceb324020654062f58a9b7947b98ffb57c7b75d2899840c34845e4cd5ef520f
SHA512 ba0e4fe67de83f9719c2e69f5ac52ab4c3fb2ba8d23981930a8a9ae103c97bd8d867f56a7a156803dc039aaf4701d78f816d96454a3260c409923b937dd96a1e

C:\Users\Admin\AppData\Local\Temp\_MEI31162\_lzma.pyd

MD5 b4251ed45538a2a7d79737db8fb139db
SHA1 cded1a4637e7e18684d89cd34c73cfae424183e6
SHA256 caad390c4c3c6b1e50a33754a0af7d2c3f4b1245c8ead79ff7f7be0e5654e210
SHA512 d40f7de85c8dbb3e16135e1f8d8ce829cb681eaab49c6f4c40792fa8f733743df70cfa7c6224e06bff68214069f90cd960970ac47d0348e9827a2136789c43c1

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk86t.dll

MD5 2d22c933ab895730b49058514ac16a5f
SHA1 86a589ea7a942f9f09adc99e037ccb7bfabe28e1
SHA256 f37b85b38f04303a1394c95dd2e67f08efbde1bafd9bfc3b2403e171bf5f979b
SHA512 5d697895c728b3c5fb4a2d16ee5bde3b9644365af8b35dbc221b01ed3462896f8d8c8fd5fa946ce7f1a65d0f561b7d0fc18befb9b3257b3728bc99cdf58973c4

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tcl86t.dll

MD5 d99809b3282ce68bffc5ee22ff7f78e3
SHA1 9608d2e0d5c8f786ad8e6d74fb8ec0592700e860
SHA256 7ed409592314926d14c5d1663fce0701d1b0a2bc6d0360bfbe4014efd230f7df
SHA512 8492114f53f7feab88c3ea414e248a83db779e8c31c1289fece4085b9e916c6a189ee6a058a9dbca3f84b053a873d9ef6832673cf1df787a20bf8a15e5a28a66

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tcl\init.tcl

MD5 982eae7a49263817d83f744ffcd00c0e
SHA1 81723dfea5576a0916abeff639debe04ce1d2c83
SHA256 331bcf0f9f635bd57c3384f2237260d074708b0975c700cfcbdb285f5f59ab1f
SHA512 31370d8390c4608e7a727eed9ee7f4c568ecb913ae50184b6f105da9c030f3b9f4b5f17968d8975b2f60df1b0c5e278512e74267c935fe4ec28f689ac6a97129

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tcl\encoding\cp1252.enc

MD5 e9117326c06fee02c478027cb625c7d8
SHA1 2ed4092d573289925a5b71625cf43cc82b901daf
SHA256 741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e
SHA512 d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

C:\Users\Admin\AppData\Local\Temp\_MEI31162\_hashlib.pyd

MD5 303a1d7d21ca6e625950a966d17f86be
SHA1 660aaad68207dc0a4d757307ad57e86b120f2d91
SHA256 53180306bad339e76cc427009db15f124f49d4c879676258264365a7e2ed703f
SHA512 99036d59cad6f286e8f901acadcc7db192bb385699228b1b34907ea49fb5ff07b636550c04f0d4b70f161a26ea2e58794d9080d69d053ada08d2ad9bd3f861df

C:\Users\Admin\AppData\Local\Temp\_MEI31162\_decimal.pyd

MD5 bcdbf3a04a8bfd8c8a9624996735fc1a
SHA1 08d35c136fe5c779b67f56ae7165b394d5c8d8ef
SHA256 1f6db9be716626f6803cefd646fbbc478878c6acce597d9f6c5776dc7b69d3c7
SHA512 d22195c0a0535f7986d0a6d0bb820d36c8824a0b15378cb5d5ab0f334064896e0d64ed880d706f80e0b96d022631fc6b4fcc47371ca1d5cdd2c37dd75c62274b

C:\Users\Admin\AppData\Local\Temp\_MEI31162\_bz2.pyd

MD5 f73ea2b834471fb01d491a65caa1eea3
SHA1 00e888645e0a1638c639a2c21df04a3baa4c640a
SHA256 8633e8ad7172b095ed7ba40fa1039a64b04b20e6f42ac428e103d0c793831bda
SHA512 b8329b33d78458c2ac7979a5c5a19bd37ea9a473682d23faf54e77cfc5edadc0426490add9864e99a719ac5b4a57c5326ed82496adf80afd1876577caa608418

C:\Users\Admin\AppData\Local\Temp\_MEI31162\unicodedata.pyd

MD5 b98d5dd9980b29ce394675dc757509b8
SHA1 7a3ad4947458baa61de998bc8fde1ef736a3a26c
SHA256 1498105d00434a5ebbaa6bee2e5f5677c34a948b2073d789f4d4b5968a4c8aaf
SHA512 ba7e52deaf88aab062646d6a70f9e15016fcbdcf55a4f16d8c73ea6a63ad591eb3b623514a9fecc03188b1d1eb55a6b168da55bb035dc7d605cae53def2b65f2

C:\Users\Admin\AppData\Local\Temp\_MEI31162\select.pyd

MD5 aae48cf580702fec3a79524d1721305c
SHA1 33f68231ff3e82adc90c3c9589d5cc918ad9c936
SHA256 93b2b54c80d03ff7ade5fe4cd03baed8c5b5a8e1edcd695a53bae2e369006265
SHA512 1c826364015684bb3fb36ce1fcb608da88f4c74b0eec6b53f4ca07b5ea99fee8b4e318c1570ce358cefd6b7bdf21b046b1375c3d687f6d0d08bf7b955568a1c6

C:\Users\Admin\AppData\Local\Temp\_MEI31162\libcrypto-1_1.dll

MD5 90311ea0cc27e27d2998969c57eba038
SHA1 4653f1261fb7b16bc64c72833cfb93f0662d6f6d
SHA256 239d518dd67d8c2bbf6aeaded86ed464865e914db6bf3b115973d525ebd7d367
SHA512 6e2f839fb8d7aaab0b51778670da104c36355e22991eae930d2eaecabab45b40fda5e2317f1c928a803146855ac5553e4e464a65213696311c206bec926775d8

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tcl\tclIndex

MD5 c62fb22f4c9a3eff286c18421397aaf4
SHA1 4a49b8768cff68f2effaf21264343b7c632a51b2
SHA256 ddf7e42def37888ad0a564aa4f8ca95f4eec942cebebfca851d35515104d5c89
SHA512 558d401cb6af8ce3641af55caebc9c5005ab843ee84f60c6d55afbbc7f7129da9c58c2f55c887c3159107546fa6bc13ffc4cca63ea8841d7160b8aa99161a185

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tcl\tm.tcl

MD5 215262a286e7f0a14f22db1aa7875f05
SHA1 66b942ba6d3120ef8d5840fcdeb06242a47491ff
SHA256 4b7ed9fd2363d6876092db3f720cbddf97e72b86b519403539ba96e1c815ed8f
SHA512 6ecd745d7da9d826240c0ab59023c703c94b158ae48c1410faa961a8edb512976a4f15ae8def099b58719adf0d2a9c37e6f29f54d39c1ab7ee81fa333a60f39b

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\tk.tcl

MD5 338184e46bd23e508daedbb11a4f0950
SHA1 437db31d487c352472212e8791c8252a1412cb0e
SHA256 0f617d96cbf213296d7a5f7fcffbb4ae1149840d7d045211ef932e8dd66683e9
SHA512 8fb8a353eecd0d19638943f0a9068dccebf3fb66d495ea845a99a89229d61a77c85b530f597fd214411202055c1faa9229b6571c591c9f4630490e1eb30b9cd3

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tcl\auto.tcl

MD5 08edf746b4a088cb4185c165177bd604
SHA1 395cda114f23e513eef4618da39bb86d034124bf
SHA256 517204ee436d08efc287abc97433c3bffcaf42ec6592a3009b9fd3b985ad772c
SHA512 c1727e265a6b0b54773c886a1bce73512e799ba81a4fceeeb84cdc33f5505a5e0984e96326a78c46bf142bc4652a80e213886f60eb54adf92e4dffe953c87f6b

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\pkgIndex.tcl

MD5 3367ce12a4ba9baaf7c5127d7412aa6a
SHA1 865c775bb8f56c3c5dfc8c71bfaf9ef58386161d
SHA256 3f2539e85e2a9017913e61fe2600b499315e1a6f249a4ff90e0b530a1eeb8898
SHA512 f5d858f17fe358762e8fdbbf3d78108dba49be5c5ed84b964143c0adce76c140d904cd353646ec0831ff57cd0a0af864d1833f3946a235725fff7a45c96872eb

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\icons.tcl

MD5 995a0a8f7d0861c268aead5fc95a42ea
SHA1 21e121cf85e1c4984454237a646e58ec3c725a72
SHA256 1264940e62b9a37967925418e9d0dc0befd369e8c181b9bab3d1607e3cc14b85
SHA512 db7f5e0bc7d5c5f750e396e645f50a3e0cde61c9e687add0a40d0c1aa304ddfbceeb9f33ad201560c6e2b051f2eded07b41c43d00f14ee435cdeee73b56b93c7

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tcl\opt0.4\pkgIndex.tcl

MD5 07532085501876dcc6882567e014944c
SHA1 6bc7a122429373eb8f039b413ad81c408a96cb80
SHA256 6a4abd2c519a745325c26fb23be7bbf95252d653a24806eb37fd4aa6a6479afe
SHA512 0d604e862f3a1a19833ead99aaf15a9f142178029ab64c71d193cee4901a0196c1eeddc2bce715b7fa958ac45c194e63c77a71e4be4f9aedfd5b44cf2a726e76

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tcl\http1.0\pkgIndex.tcl

MD5 a387908e2fe9d84704c2e47a7f6e9bc5
SHA1 f3c08b3540033a54a59cb3b207e351303c9e29c6
SHA256 77265723959c092897c2449c5b7768ca72d0efcd8c505bddbb7a84f6aa401339
SHA512 7ac804d23e72e40e7b5532332b4a8d8446c6447bb79b4fe32402b13836079d348998ea0659802ab0065896d4f3c06f5866c6b0d90bf448f53e803d8c243bbc63

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tcl\package.tcl

MD5 ddb0ab9842b64114138a8c83c4322027
SHA1 eccacdc2ccd86a452b21f3cf0933fd41125de790
SHA256 f46ab61cdebe3aa45fa7e61a48930d64a0d0e7e94d04d6bf244f48c36cafe948
SHA512 c0cf718258b4d59675c088551060b34ce2bc8638958722583ac2313dc354223bfef793b02f1316e522a14c7ba9bed219531d505de94dc3c417fc99d216a01463

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tcl8\8.5\msgcat-1.6.1.tm

MD5 bd4ff2a1f742d9e6e699eeee5e678ad1
SHA1 811ad83aff80131ba73abc546c6bd78453bf3eb9
SHA256 6774519f179872ec5292523f2788b77b2b839e15665037e097a0d4edddd1c6fb
SHA512 b77e4a68017ba57c06876b21b8110c636f9ba1dd0ba9d7a0c50096f3f6391508cf3562dd94aceaf673113dbd336109da958044aefac0afb0f833a652e4438f43

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\button.tcl

MD5 aeb53f7f1506cdfdfe557f54a76060ce
SHA1 ebb3666ee444b91a0d335da19c8333f73b71933b
SHA256 1f5dd8d81b26f16e772e92fd2a22accb785004d0ed3447e54f87005d9c6a07a5
SHA512 acdad4df988df6b2290fc9622e8eaccc31787fecdc98dcca38519cb762339d4d3fb344ae504b8c7918d6f414f4ad05d15e828df7f7f68f363bec54b11c9b7c43

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\ttk\scale.tcl

MD5 f1c33cc2d47115bbecd2e7c2fcb631a7
SHA1 0123a961242ed8049b37c77c726db8dbd94c1023
SHA256 b909add0b87fa8ee08fd731041907212a8a0939d37d2ff9b2f600cd67dabd4bb
SHA512 96587a8c3555da1d810010c10c516ce5ccab071557a3c8d9bd65c647c7d4ad0e35cbed0788f1d72bafac8c84c7e2703fc747f70d9c95f720745a1fc4a701c544

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\ttk\scrollbar.tcl

MD5 3fb31a225cec64b720b8e579582f2749
SHA1 9c0151d9e2543c217cf8699ff5d4299a72e8f13c
SHA256 6eaa336b13815a7fc18bcd6b9adf722e794da2888d053c229044784c8c8e9de8
SHA512 e6865655585e3d2d6839b56811f3fd86b454e8cd44e258bb1ac576ad245ff8a4d49fbb7f43458ba8a6c9daac8dfa923a176f0dd8a9976a11bea09e6e2d17bf45

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\ttk\menubutton.tcl

MD5 4c8d90257d073f263b258f00b2a518c2
SHA1 7b58859e9b70fb37f53809cd3ffd7cf69ab310d8
SHA256 972b13854d0e9b84de338d6753f0f11f3a8534e7d0e51838796dae5a1e2e3085
SHA512 ed67f41578ee834ee8db1fded8aa069c0045e7058e338c451fa8e1ade52907bed0c95631c21b8e88461571903b3da2698a29e47f990b7a0f0dd3073e7a1bcadc

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\ttk\button.tcl

MD5 d4bf1af5dcdd85e3bd11dbf52eb2c146
SHA1 b1691578041319e671d31473a1dd404855d2038b
SHA256 e38a9d1f437981aa6bf0bdd074d57b769a4140c0f7d9aff51743fe4ecc6dfddf
SHA512 25834b4b231f4ff1a88eef67e1a102d1d0546ec3b0d46856258a6be6bbc4b381389c28e2eb60a01ff895df24d6450cd16ca449c71f82ba53ba438a4867a47dcd

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\ttk\utils.tcl

MD5 d98edc491da631510f124cd3934f535f
SHA1 33037a966067c9f5c9074ae5532ff3b51b4082d4
SHA256 d58610a34301bb6e61a60bec69a7cecf4c45c6a034a9fc123977174b586278be
SHA512 23faed8298e561f490997fe44ab61cd8ccb9f1f63d48bb4cf51fc9e591e463ff9297973622180d6a599cabb541c82b8fe33bf38a82c5d5905bbfa52ca0341399

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\ttk\cursors.tcl

MD5 18ec3e60b8dd199697a41887be6ce8c2
SHA1 13ff8ce95289b802a5247b1fd9dea90d2875cb5d
SHA256 7a2ed9d78fabcafff16694f2f4a2e36ff5aa313f912d6e93484f3bcd0466ad91
SHA512 4848044442efe75bcf1f89d8450c8ecbd441f38a83949a3cd2a56d9000cacaa2ea440ca1b32c856ab79358ace9c7e3f70ddf0ec54aa93866223d8fef76930b19

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\ttk\fonts.tcl

MD5 80331fcbe4c049ff1a0d0b879cb208de
SHA1 4eb3efdfe3731bd1ae9fd52ce32b1359241f13cf
SHA256 b94c319e5a557a5665b1676d602b6495c0887c5bacf7fa5b776200112978bb7b
SHA512 a4bd2d91801c121a880225f1f3d0c4e30bf127190cf375f6f7a49eb4239a35c49c44f453d6d3610df0d6a7b3cb15f4e79bd9c129025cc496ceb856fcc4b6de87

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\ttk\ttk.tcl

MD5 af45b2c8b43596d1bdeca5233126bd14
SHA1 a99e75d299c4579e10fcdd59389b98c662281a26
SHA256 2c48343b1a47f472d1a6b9ee8d670ce7fb428db0db7244dc323ff4c7a8b4f64b
SHA512 c8a8d01c61774321778ab149f6ca8dda68db69133cb5ba7c91938e4fd564160ecdcec473222affb241304a9acc73a36b134b3a602fd3587c711f2adbb64afa80

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\text.tcl

MD5 7c2ac370de0b941ae13572152419c642
SHA1 7598cc20952fa590e32da063bf5c0f46b0e89b15
SHA256 4a42ad370e0cd93d4133b49788c0b0e1c7cd78383e88bacb51cb751e8bfda15e
SHA512 8325a33bfd99f0fce4f14ed5dc6e03302f6ffabce9d1abfefc24d16a09ab3439a4b753cbf06b28d8c95e4ddabfb9082c9b030619e8955a7e656bd6c61b9256c3

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\spinbox.tcl

MD5 77dfe1baccd165a0c7b35cdeaa2d1a8c
SHA1 426ba77fc568d4d3a6e928532e5beb95388f36a0
SHA256 2ff791a44406dc8339c7da6116e6ec92289bee5fc1367d378f48094f4abea277
SHA512 e56db85296c8661ab2ea0a56d9810f1a4631a9f9b41337560cbe38ccdf7dd590a3e65c22b435ce315eff55ee5b8e49317d4e1b7577e25fc3619558015dd758eb

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\scrlbar.tcl

MD5 5249cd1e97e48e3d6dec15e70b9d7792
SHA1 612e021ba25b5e512a0dfd48b6e77fc72894a6b9
SHA256 eec90404f702d3cfbfaec0f13bf5ed1ebeb736bee12d7e69770181a25401c61f
SHA512 e4e0ab15eb9b3118c30cd2ff8e5af87c549eaa9b640ffd809a928d96b4addefb9d25efdd1090fbd0019129cdf355bb2f277bc7194001ba1d2ed4a581110ceafc

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\scale.tcl

MD5 857add6060a986063b0ed594f6b0cd26
SHA1 b1981d33ddea81cfffa838e5ac80e592d9062e43
SHA256 0da2dc955ffd71062a21c3b747d9d59d66a5b09a907b9ed220be1b2342205a05
SHA512 7d9829565efc8cdbf9249913da95b02d8dadfdb3f455fd3c10c5952b5454fe6e54d95c07c94c1e0d7568c9742caa56182b3656e234452aec555f0fcb76a59fb1

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\panedwindow.tcl

MD5 286c01a1b12261bc47f5659fd1627abd
SHA1 4ca36795cab6dfe0bbba30bb88a2ab71a0896642
SHA256 aa4f87e41ac8297f51150f2a9f787607690d01793456b93f0939c54d394731f9
SHA512 d54d5a89b7408a9724a1ca1387f6473bdad33885194b2ec5a524c7853a297fd65ce2a57f571c51db718f6a00dce845de8cf5f51698f926e54ed72cdc81bcfe54

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\menu.tcl

MD5 078782cd05209012a84817ac6ef11450
SHA1 dba04f7a6cf34c54a961f25e024b6a772c2b751d
SHA256 d1283f67e435aab0bdbe9fdaa540a162043f8d652c02fe79f3843a451f123d89
SHA512 79a031f7732aee6e284cd41991049f1bb715233e011562061cd3405e5988197f6a7fb5c2bbddd1fb9b7024047f6003a2bf161fc0ec04876eff5335c3710d9562

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\listbox.tcl

MD5 804e6dce549b2e541986c0ce9e75e2d1
SHA1 c44ee09421f127cf7f4070a9508f22709d06d043
SHA256 47c75f9f8348bf8f2c086c57b97b73741218100ca38d10b8abdf2051c95b9801
SHA512 029426c4f659848772e6bb1d8182eb03d2b43adf68fcfcc1ea1c2cc7c883685deda3fffda7e071912b9bda616ad7af2e1cb48ce359700c1a22e1e53e81cae34b

C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\entry.tcl

MD5 f109865c52d1fd602e2d53e559e56c22
SHA1 5884a3bb701c27ba1bf35c6add7852e84d73d81f
SHA256 af1de90270693273b52fc735da6b5cd5ca794f5afd4cf03ffd95147161098048
SHA512 b2f92b0ac03351cdb785d3f7ef107b61252398540b5f05f0cc9802b4d28b882ba6795601a68e88d3abc53f216b38f07fcc03660ab6404cf6685f6d80cc4357fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9c12ec8b96f0f26abc1b06911db0af96
SHA1 4b72a45189304a91770eb5ac0da75e5ac8e2e301
SHA256 44b018ad449139bc60e266e49a2212a026bf4c146179e9cfe2f78fcb53e4f2f8
SHA512 8a965054423e1052fd8f64e7b7c4212b19df5eeede17cb2e6a18c33ee15f39aba5644e36d4ba132d0049651fce099d3a55661c8cb3267d9d87e5699d03469608

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cb2b77872cb5f98a737ab66453e55088
SHA1 26b58f63a4b6c454781c8c1e423cb00c551e3d74
SHA256 c57a6ea9cca1c3fdc625b7584670a74e06f35da20d919c0b4ea0f97690eb2c3d
SHA512 d66f9cfdfe62a81a2c319f121b7beb9a1f3ecf872baab8ffcf002590fc2268743021cfab4584b47a6337d7431c2f4f46899f5d344d824c140531ccfbc494750f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 414ac8d834c239d931c7893a70be5a99
SHA1 0e989bd5f23dd1faf3f784ab3780dd3425c1989b
SHA256 e77831e9d29036b36f5b8aa816e5a6a12faf508afd2747865f4c769247ea921d
SHA512 db94738474c5f13deb0e25a003092d6df8778fd380960474033863231ec213ace7116db49cdac9d1aced1511bfcefe4c36b61cb4c71044f0ce8f92a22a43e479