Malware Analysis Report

2024-11-15 06:22

Sample ID 240525-rh4brsfd3t
Target ExtraSoft v.2.2.rar
SHA256 aefc68a09627909d0bd3b761065f52ab15d7f4eb93c94894761fd274b68ce796
Tags
lumma stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

aefc68a09627909d0bd3b761065f52ab15d7f4eb93c94894761fd274b68ce796

Threat Level: Known bad

The file ExtraSoft v.2.2.rar was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Downloads MZ/PE file

Executes dropped EXE

Enumerates connected drives

Suspicious use of SetThreadContext

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious behavior: LoadsDriver

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-25 14:12

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 14:12

Reported

2024-05-25 14:15

Platform

win10-20240404-en

Max time kernel

150s

Max time network

160s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\ExtraSoft.exe"

Signatures

Lumma Stealer

stealer lumma

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3240 set thread context of 516 N/A C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\ExtraSoft.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Netease\MuMuPlayerGlobal-12.0\1.txt C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611199978663148" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target Count
N/A N/A N/A N/A 3

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 42

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 24

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 3240 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\ExtraSoft.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 3
PID 3240 wrote to memory of 516 N/A C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\ExtraSoft.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 9
PID 2948 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 2948 wrote to memory of 3596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 38
PID 2948 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 2948 wrote to memory of 4720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 10
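The SetThreadContext and WriteProcessMemory tables in this analysis carry the security-relevant finding of behavioral1: ExtraSoft.exe (PID 3240) writes into two freshly started RegAsm.exe instances (PIDs 4240 and 516) and then sets the thread context of PID 516. Write-then-redirect-execution into a different, signed Microsoft .NET framework binary is the process hollowing sequence that .NET loaders commonly use to stage a stealer payload. The chrome.exe rows, where PID 2948 writes into other chrome.exe processes, are the browser launching its own sandboxed children and are not an indicator on their own. The Python below is an added example and not part of the sandbox output: it parses rows in the report's Description / Indicator / Process / Target layout (with an optional trailing event count), groups them per source/target PID pair, and rates each pair so the injection stands out from the browser noise. The sample rows are constructed from the PIDs and image paths shown above, and the shortlist of commonly hollowed .NET hosts is an assumption of the example, not something the report states.

```python
"""Correlate sandbox WriteProcessMemory / SetThreadContext rows into
per-process-pair injection findings.

Added example for the report above; not part of the sandbox output.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample shaped like the report's signature rows: one row per
# (source PID, target PID) pair, an optional trailing count of identical
# rows, plus the single SetThreadContext row.
SAMPLE_ROWS = r"""
PID 3240 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\ExtraSoft.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 3
PID 3240 wrote to memory of 516 N/A C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\ExtraSoft.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 9
PID 3240 set thread context of 516 N/A C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\ExtraSoft.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 2948 wrote to memory of 3596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 38
PID 2948 wrote to memory of 4720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 10
"""

# Description, Indicator, then "Process Target" and an optional event count.
ROW_RE = re.compile(
    r"^PID (\d+) (wrote to memory of|set thread context of) (\d+) (\S+) (.+?)(?: (\d+))?$"
)

# Signed .NET framework binaries that crypters frequently hollow out as payload
# hosts. Illustrative shortlist (an assumption of this example), not exhaustive.
COMMON_HOLLOWING_HOSTS = {"regasm.exe", "regsvcs.exe", "aspnet_compiler.exe", "cvtres.exe"}


@dataclass
class Finding:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str
    writes: int = 0
    context_sets: int = 0
    severity: str = "info"
    reason: str = ""


def _split_paths(rest: str) -> tuple[str, str]:
    """Split 'Process Target' on the space before a drive letter, because
    both paths may contain spaces themselves (e.g. 'Program Files')."""
    parts = re.split(r" (?=[A-Za-z]:\\)", rest.strip())
    return parts[0], (parts[1] if len(parts) > 1 else "N/A")


def _basename(path: str) -> str:
    return "" if path == "N/A" else PureWindowsPath(path).name.lower()


def parse_rows(text: str) -> list[tuple[int, str, int, str, str, int]]:
    """Yield (src_pid, action, dst_pid, src_image, dst_image, count) per row."""
    events = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        src, action, dst, _indicator, rest, count = m.groups()
        src_image, dst_image = _split_paths(rest)
        events.append((int(src), action, int(dst), src_image, dst_image, int(count or 1)))
    return events


def assess(text: str) -> dict[tuple[int, int], Finding]:
    """Aggregate rows per (src, dst) PID pair and rate the pair."""
    findings: dict[tuple[int, int], Finding] = {}
    for src, action, dst, src_image, dst_image, count in parse_rows(text):
        f = findings.setdefault((src, dst), Finding(src, dst, src_image, dst_image))
        if action.startswith("wrote"):
            f.writes += count
        else:
            f.context_sets += count

    for f in findings.values():
        same_image = _basename(f.src_image) == _basename(f.dst_image)
        if same_image:
            f.severity = "low"
            f.reason = "parent writing into a child of the same image; normal for multi-process apps such as Chrome"
        elif f.writes and f.context_sets:
            f.severity = "high"
            f.reason = "remote write plus thread context change into a different image: hollowing/injection pattern"
        else:
            f.severity = "medium"
            f.reason = "cross-image remote write or thread context change without the matching counterpart observed"
        if f.severity != "low" and _basename(f.dst_image) in COMMON_HOLLOWING_HOSTS:
            f.reason += "; target is a signed .NET host frequently abused as an injection container"
    return findings


if __name__ == "__main__":
    for (src, dst), f in sorted(assess(SAMPLE_ROWS).items()):
        print(f"{f.severity:6} {src}->{dst} {_basename(f.src_image)} -> {_basename(f.dst_image)} "
              f"writes={f.writes} ctx={f.context_sets}: {f.reason}")
```

Run stand-alone, the pair 3240->516 rates high (nine writes and one thread context change into RegAsm.exe), 3240->4240 rates medium (writes only), and both chrome.exe pairs rate low. The same-image check is the deliberate design choice here: it keeps parent-to-child writes by multi-process applications out of the high bucket without needing an allow-list of browser paths.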

Processes

C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\ExtraSoft.exe

"C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\ExtraSoft.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc89c89758,0x7ffc89c89768,0x7ffc89c89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3884 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5276 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3364 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3ec

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3036 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2112 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3852 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3884 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=816 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5376 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5544 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5096 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4748 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5708 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4424 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2016 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5432 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5980 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3000 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6204 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3172 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6604 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6624 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6196 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4880 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Users\Admin\Downloads\MuMuInstaller_3.1.6.0_yx-gl-codex_all_1709777287.exe

"C:\Users\Admin\Downloads\MuMuInstaller_3.1.6.0_yx-gl-codex_all_1709777287.exe"

C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe

C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6924 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5272 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\7z901DEE38\ColaBoxChecker.exe

"C:\Users\Admin\AppData\Local\Temp\7z901DEE38\ColaBoxChecker.exe" checker /baseboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6260 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe

"C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe"

C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe

"C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe"

C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe

"C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe"

C:\Users\Admin\AppData\Local\Temp\7z901DEE38\MuMuDownloader.exe

"C:\Users\Admin\AppData\Local\Temp\7z901DEE38\MuMuDownloader.exe" --log="C:\Users\Admin\AppData\Local\Temp\nemu-downloader-aria.log" --log-level=notice --check-certificate=false --enable-rpc=true --rpc-listen-port=50682 --continue --max-concurrent-downloads=10 --max-connection-per-server=5 --async-dns=false --file-allocation=prealloc --enable-mmap=true --connect-timeout=5 --rpc-max-request-size=1024M --stop-with-process=720

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Network

Country Destination Domain Proto

Files

memory/3240-0-0x00000000012C0000-0x00000000012C1000-memory.dmp

memory/3240-1-0x00000000012C0000-0x00000000012C1000-memory.dmp

memory/3240-3-0x00000000012C0000-0x00000000012C1000-memory.dmp

memory/516-2-0x0000000000400000-0x0000000000455000-memory.dmp

memory/516-5-0x0000000000400000-0x0000000000455000-memory.dmp

memory/516-6-0x0000000000400000-0x0000000000455000-memory.dmp

memory/516-10-0x0000000000400000-0x0000000000455000-memory.dmp

\??\pipe\crashpad_2948_EVSBOYLBHFYMVJDL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d06eb52b-2df7-4c08-9f63-07ef5539e0b5.tmp

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ea9f8e1a1aa1959402aea0d01bc13c7c
SHA1 5f7b0512af06b4317a9e3eda192d728f804dc1ec
SHA256 10ffbbb4254dde094797d964c7dd22706a9a54627dfa01403ceed176cf4404f3
SHA512 1d6dbd85488025af97aa16af1567ecc1ed3bf701e957c308ff72b42a0ef98bff1cfab655d68b176d8378475fd59d7285d8eccb5fcb29303fc711a57d1068c1e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dfeb75ab5b71689fd07d8873d5af9d98
SHA1 0f00534b4e5b53023cf363f6338d093bf7339e65
SHA256 8e0a1a98548e0abe786e9279b41aecccb544097ea82a017a34d2c86c72977144
SHA512 7304dd85f805afda47b3ac9b5423c26773f69618e48da81ee7e4c358fc62f5e9b391a251a4bd3e069521689b5e90c3fd1a38fdebd72281415ff2fa5296fccccd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 35a023dc83f8bf62645b2aedf7434b4f
SHA1 75e195fedd5f94529e9a936df0b1de60fbc26a5d
SHA256 b26fe2cc7746ee180c9a5fad1c9c042fcf32b9acc661c570962b62c33aced098
SHA512 de9a3435b8a9ac23b574c32ccabf34f05f22bf9d9300436897aa33d76167a7acfca97234730891ab58f2143c3313411fef7c3ae421f3745cc70f1db1777e0dfe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 bfe988983af5f5f7e09887b3a0bb1e9b
SHA1 0c7945b2fd8c9f0ea109bc3c0579f58e232023ed
SHA256 4e68a75b82a0705f6ecf9f0c7660ef0430087c6b7ac7c3cf7614ae9d84a31cd3
SHA512 8c1470e2be2fc2ba2f47c4aeeda627411f32b8295f190faf84e63435c8d54e5cf6f3de1b95e2a4af767e15aed2bf7d200f85b93a1c61d74b2f8ffcf161518581

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\93699ea7-9bb8-41ba-8efc-cdbe9e35bc7a.tmp

MD5 bc78ce8a27e6e83c652c20857625571f
SHA1 9bba33f9edbef04627ac01455069be2c16aa25d2
SHA256 2129c72ea4a182e5cccdb1600f0f1e9dcff8865a53f3b552fe541367fd552d9d
SHA512 a2453b8c2d34f10c61c2c87311d3b6da13883ae11727134b70ea08c77a4ab9d3592145dc5334c19f87898b6f756fc3f268532aebeb19f94d1407aa4aff9d97f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

MD5 7626aade5004330bfb65f1e1f790df0c
SHA1 97dca3e04f19cfe55b010c13f10a81ffe8b8374b
SHA256 cdeaef4fa58a99edcdd3c26ced28e6d512704d3a326a03a61d072d3a287fd60e
SHA512 f7b1b34430546788a7451e723a78186c4738b3906cb2bca2a6ae94b1a70f9f863b2bfa7947cc897dfb88b6a3fe98030aa58101f5f656812ff10837e7585e3f74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

MD5 5ce7bdeeea547dc5e395554f1de0b179
SHA1 3dba53fa4da7c828a468d17abc09b265b664078a
SHA256 675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9
SHA512 0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fa7aabca1fcfab3a03656e6524e818e4
SHA1 fb3c464a15f94fae8d232e1f15aab08182fd457c
SHA256 914af35658d8483a17e54013a6ba6abdab53011a6e838cb1fa533dd8f9e50c36
SHA512 cde0d00b6150f2faf1545ae8fba1fcc3962aa03a751ee40ea2edc974c16b5cbf5a2b6b001f185a11d23df9912da7ebbf27e6fbfdc615fcdc6d4fe54c68e3ecc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0c940a26f84ca477fe2f2ffee5ff2931
SHA1 ff2eb757f1c760213d7c10fcaca56c0bc129f042
SHA256 7fe9d9ee38c5fa23a3e15afbb95cad118952c016742c2f08c4a4dc2453d05865
SHA512 094a11f43b6f8a1d13ee8d6b887ef39b68e8404d4d31360199c50886170e6b10bdfcb9d40778ab1bc06e85cc903cb4cfca2fa01ca456c89bb277438578ae0e82

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1884648a-7014-4a75-8448-2dc8ee101eee.tmp

MD5 9ad3a161e98e3fe7da209f2eb67021f9
SHA1 8859c1212a60ed7073e0eb91810ac1607105ba52
SHA256 219d525a04bb87af7d3ff65ff2a2bf9e5b24962ae0f815de21be67a9dfd3dbaf
SHA512 d4a99a4960c0fc66570056228ccae060f78be64ef160eb5f178e90393dc1f5610f6ee3f6ea8eebaac2614261443bf63f0d7eb3e45262371bce12314972093537

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7d8caf8f19cd653b161c37a5d18dea61
SHA1 4cc032367e7b34122ee0aa58f8c53abca4b86e70
SHA256 75e00c2293e4db9ca1a3d2998c1fd98c76d620d2edfb0a6865e1095543105576
SHA512 99eb53eff078c13948eb1b93771fb815f157af18312b4c81f17a3032b7376eecaf177f1b83b7908e6abe444c93a5a97f86ca76613434c6c07e0a95ac9a0073c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b2cf6fbed4beaeded2637f1c58adea5d
SHA1 420c58e4fb109fbc76b2c6da38eafd6ba6b7c07c
SHA256 11e799bc936b70847a8a9d8758664f76d4434e3e8403d98f5d03d86913fa5593
SHA512 17405a234b4483509bf612767a8da351c852e528f277aa0ed44f8311ff09f708c1124a8cf91b73e342cffe35676f07041ecb952de3b33b4b436c5c624b36f69c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c64751a97d845ff3463567cef86d549e
SHA1 475a2d3e62a6e421d32c9df0ada90c295b655173
SHA256 24d800e619af7009c542ea78701016dc7bf8ce21ff123eaf5552158981d4d560
SHA512 e838a270215afd5e685720df36b9951de1a146dc57fbdc538a84641c698dc1b6a6d9cd98f651d88f527222d0d0c0514d86125b9f47f9a8bb6c01e39e98482778

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 bedcd4a1cf1a610f2d9a9ed025348bbf
SHA1 9e2768e434e92e438b301cad77eb4855ed4f603e
SHA256 e04e6ffac93749181ca79844b56d51907a60bd315db6f4f613878f98438934c7
SHA512 dfbfb3a6fc22d07abca1ca06366fea5ddf6435d6e64b675ef639aec6616fd14d08dcc3baaba4c82bfc1f9cf262cd2cf783922a16569c0e49ce239062e45e24ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b2c1.TMP

MD5 0d02d9832339538110262d930dc1a1d8
SHA1 805bdab19bfdfccce59170a41b1af5c7793e79f7
SHA256 b1619f20103ffa7f9f2f48205bbb6bc83f42ed55891faadc67cc7e87f9ef74f0
SHA512 6bd7d2a8e3aa93ea4205b8ba6d8c4d6cbdbc90c1bca9d77be49c8200f753a464dcaaa889113598d130848a26882e88e72113978e5c6f9f38f59d3790883cf334

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e29248a6-ae14-4a32-b2b0-b15eef7e7c11.tmp

MD5 61df28715853094e7e1f8484f97e7663
SHA1 6b842abfe05836a47ba7b60cee37ba33c421c6b1
SHA256 bcea67642fbb45b4eeb3e2d81b8c396b8ca244d96291728423dc87803c3acd3d
SHA512 6fe33292d0abc786821e4c7382558b9eb9898c9555e4fa7ee70ff302c24466da30f7942b0bbfab70e6c4ac25e79fd6e37ac96aaf72ca3abe9debbba41ce41f24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ab3b00867cbcf7a060703ea22af100eb
SHA1 8a98d22e13ca8d66e5ef59f20d85fb3972e4f3fe
SHA256 8e60b6d4c14d0b56ddaee7f6e39037955e6edab535cc501403af465e513434da
SHA512 ef7e0c41b247f437d48f1fe6d2a2f3b337c4a9f38081a9d158e2440cb70c7a5b79eaf4b29f78ba41824cb0eba341940fb1f8619c0cd27346898ab4e9a1b15557

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 170937257784a633fdc5276e55b2d37c
SHA1 89e6b52092b6b59b9f2164d730f87795cbbd8a0c
SHA256 d4ef1c19c5b7252e93be6f2ccffdf63a66481cf567ed16b2db36fce6e4dc4c74
SHA512 06be90cb66f5e0ae86e2e8643d1824de54796e3c2a0a6c4dcaca2d1a9f7f476bc1420167504c9f99f07da077ede2ea1ddb4f7bccbb9f94997e2cc3a9c825867c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58dafa.TMP

MD5 6cf7090d872224f968f3b6bab683baa4
SHA1 380eab3abcd7422883eb869ff4c71b6300971ddf
SHA256 c57d8a2f21a9b5b8cb7a125fef54e6b4f3e40c1fe977e6bf79bb6c9ee0aa2571
SHA512 7ddda0d49b01664b27d8e4e4d3eecd5f6629d87d0303dfc0806e90be75f65f33e184e31513bff645bc5c1cbeb12c89f52763b2b03fee96493e6528ae0fd55bdf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 0ed8278b11742681d994e5f5b44b8d3d
SHA1 28711624d01da8dbd0aa4aad8629d5b0f703441e
SHA256 354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2
SHA512 d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 51f467557c2dc2b97a1ed327115ff5e6
SHA1 da9e23fec234d5b7c0000d1b43ae660da3daa12f
SHA256 31946053d9281f861f807dd8735eb31a9b41b823f68a2435422429dad8ead56d
SHA512 55b68f06549437e6e137ee84ef1337968f13524cbdd7d5b3108b210d3414c06d797e6379564695f5a9f41cd4252345c9d38992ae3ed4c226c7563288f03083ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 f04cc7d5ee9150a73ba2eac920e78841
SHA1 92b4c0ad93889f3d1e851b83e0fd027caca10d59
SHA256 1a87118c3d118dade65324586a2930cf11fb929362f9612cc93f875c67e2c4bd
SHA512 52b1a050e6da4c57cba4623dd225844d83d9a47e4cb1f5512e4aa1365537022bbb0b9b3217465c258facf576b4706e577a83078f2fa71b4442a4a7624ac1fdab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 da1d252e947bce39c6b4fc3270383195
SHA1 f6e8fcd9d63683e56e457bbf1dfbd684586382fc
SHA256 28ac23c8020d600a3141888b982e3061d34aeaad83fe5993d8e61cf2a70b7bd4
SHA512 320539f5ec40d9bf31f6b9b7c1c99f6c644937060c5f29726b6719f2ff5d2043d237ddcbf4be20055e9b13673fc0e4e025d172bcd51495caf65ca57a689e2eb4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 16c0a2c82dc0ab50f23123f7ecb11f51
SHA1 fbaef7794f352126af25aedaa99f1bc22d131f71
SHA256 5749a98e9383a271b4f6cac8caefea4d86a6b40e203a750d45fda652e167583d
SHA512 0bf3c5458b647601a1f28c194ac1bcc424ecdeba91871fab9178e8daf1fdf2ee956ba55bbf61b3cd2f54cb1ca008dc894e6a54730f5caf754c61d9ba20da8244

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 0f978383950b924d31b77aad56c0ae79
SHA1 4481f7635c1cf3d98c542542d0106cfe498446e1
SHA256 afca43c7931d9ddc33882d9a079772bddced944debbf84143192c4eea3292c77
SHA512 b8ffaaf2d63b9582ec4917e970b2033989bd414b9bbf2b9d3b5359aa4a8a15cd3206e556514483e511df2433adab4c8cef9b8a251e2fb942fe4e7d846fdf936f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 b4e4c40ba1b021933f86142b1010c253
SHA1 8901690b1040e46b360f7b39ecb9f9e342bd20af
SHA256 a1ad4fde10e0f378aeeb97ec0aaa27bbdba9ed434a0334052f0230e09fd891ae
SHA512 452cbfc40d99d69d65271ab7a6fb62c87d123813fe20898d13b938c13d54efb2e33eb04e165f18e9e91b6a0d02b3282b8e3bf2b8c65efaa974022d14c07bcfd4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5effdac89cf57163e7de1548224cf36b
SHA1 706423fb7bc3e8a8acae2c1528e896c7c688947c
SHA256 24c52668245184f8179d919fda8875e821ddffaa1915ddc8a4df31f0877526f3
SHA512 541ea5d4a644c94bd90d5b2a1683f47d8ddc4d611747c2a830a77079ea3f3d4e1e7a261f618dab16379ae14267b6bd2f227c848893573a8ad8420d1cf69a6b7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

MD5 d84862513956cbe61aeb4ebbfdd3355a
SHA1 14ab269df17cb0333b1556ce120d587324479f6b
SHA256 a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5
SHA512 d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4aeb7d44529f26f5f9880f7b9f6fa2f4
SHA1 f362b204d5874bd404feeba6ad20186af6172dbf
SHA256 05940ccd1153d8f57c164e3c98e96226dedaaf045e4bf819c5506326b4bca305
SHA512 5c7a14ceb472913fccb9a341dc520b8f2a5ca3b1bd24ac2df907f5160cb5a0fc30580a0c4c4808b65b0a97c87857360348904e856d0ce91cede406a2369c622c

C:\Users\Admin\Downloads\Unconfirmed 933943.crdownload

MD5 86e0f88dcc69e631df6cfd28bb5babb1
SHA1 e7b3552cf10983c97bf3381fe66053f8f5a1ea9c
SHA256 baa175b6fa6ee27992d80995f9eae285f3a3eceb35b655c0c5a5f58b7ac748dc
SHA512 c2e0b76ea267cbe01019cd826c90ffcf84e88da1f16c83ae36cebe543cf75316b5a375a3f053165d4e8fe0b6d65a70558cb08693473d5710dc9de4a44fef7843

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 46c84d228efceec02534395262f2754c
SHA1 6acf17646e703f387314686237426801c87437ba
SHA256 478d94aa3f5397ae96726e2399ebbe8949cdaae5d28c78073dacd72473ac90b0
SHA512 0b21ab972bfc9c72b0d874f4dc2f709a56c1675907eb32333c0e800b53dc485c37808773bc4043deaca159683fb176c3ac81d780647e12531c26e4576d971655

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1dc3bb967cdf426aeeeaf7777b340046
SHA1 70787d886a017c0c1d84698d3d96d2939beb9233
SHA256 6504193876fdf2fbcb66a0a89cd3d949400ecfeb225c92b1af26949ca3aede94
SHA512 478926cef458af67e16b3959832cc827a464e426de1549e5853f84d0df12a614f700b37956f45f8de999cda33fb76580fcefc4499e53547ccf6652b778a860e1

C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe

C:\Users\Admin\AppData\Local\Temp\7z901DEE38\skin.zip

C:\Users\Admin\AppData\Local\Temp\7z901DEE38\config.ini

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

C:\Users\Admin\AppData\Local\Temp\7z901DEE38\ColaBoxChecker.exe

C:\Users\Admin\AppData\Local\Temp\7z901DEE38\baseboard

C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Temp\7z901DEE38\MuMuDownloader.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 14:12

Reported

2024-05-25 14:16

Platform

win10-20240404-en

Max time kernel

131s

Max time network

141s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\UniteFxUpdate.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\UniteFxUpdate.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 210.80.50.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-25 14:12

Reported

2024-05-25 14:15

Platform

win10-20240404-en

Max time kernel

131s

Max time network

140s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\api64.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\api64.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 174.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A