Malware Analysis Report

2024-10-10 12:53

Sample ID 240601-l6gvsaad84
Target https://disk.yandex.ru/d/uwm9EzXITydBcg
Tags
dcrat infostealer rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The submitted target https://disk.yandex.ru/d/uwm9EzXITydBcg was classified as: Known bad.

Malicious Activity Summary

dcrat infostealer rat

Process spawned unexpected child process

DcRat

DCRat payload

Executes dropped EXE

Looks up external IP address via web service

Drops file in Windows directory

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

Creates scheduled task(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-01 10:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 10:08

Reported

2024-06-01 10:13

Platform

win10-20240404-en

Max time kernel

300s

Max time network

307s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://disk.yandex.ru/d/uwm9EzXITydBcg

Signatures

DcRat

rat infostealer dcrat

Process spawned unexpected child process

Description Indicator Process Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\schtasks.exe (7 identical rows)

DCRat payload

rat
Description Indicator Process Target
N/A N/A N/A N/A (5 identical rows)

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\NeverLose Crack.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Program Files\7-Zip\7zFM.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617101386246911" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A (2 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 identical rows, alternating with the row below)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 identical rows)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (64 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 identical rows)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A (5 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3200 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 3200 wrote to memory of 2456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (38 identical rows)
PID 3200 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 3200 wrote to memory of 2288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (22 identical rows)

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://disk.yandex.ru/d/uwm9EzXITydBcg

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc1cbe9758,0x7ffc1cbe9768,0x7ffc1cbe9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1948,i,5436727207858653870,504791177506994182,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1948,i,5436727207858653870,504791177506994182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1948,i,5436727207858653870,504791177506994182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1948,i,5436727207858653870,504791177506994182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1948,i,5436727207858653870,504791177506994182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1948,i,5436727207858653870,504791177506994182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 --field-trial-handle=1948,i,5436727207858653870,504791177506994182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1948,i,5436727207858653870,504791177506994182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 --field-trial-handle=1948,i,5436727207858653870,504791177506994182,131072 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5124 --field-trial-handle=1948,i,5436727207858653870,504791177506994182,131072 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5216 --field-trial-handle=1948,i,5436727207858653870,504791177506994182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1948,i,5436727207858653870,504791177506994182,131072 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Users\Admin\Desktop\NeverLose Crack.exe

"C:\Users\Admin\Desktop\NeverLose Crack.exe"

C:\Users\Admin\AppData\Local\Temp\LouderSetup.exe

"C:\Users\Admin\AppData\Local\Temp\LouderSetup.exe"

C:\Users\Admin\AppData\Local\Temp\l0ader.exe

"C:\Users\Admin\AppData\Local\Temp\l0ader.exe"

C:\Users\Admin\AppData\Local\Temp\is-CO9HA.tmp\LouderSetup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-CO9HA.tmp\LouderSetup.tmp" /SL5="$80296,45274383,119296,C:\Users\Admin\AppData\Local\Temp\LouderSetup.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Surrogateprovidercomponentsessionmonitor\IunhaqXap08DKqI9BwrsBykj.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Surrogateprovidercomponentsessionmonitor\8ga0RcvDKX2M.bat" "

C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe

"C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe"

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "chrome" /sc ONLOGON /tr "'C:\Users\All Users\Adobe\Setup\chrome.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "chromec" /sc MINUTE /mo 10 /tr "'C:\Users\All Users\Adobe\Setup\chrome.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "sihost" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Defender\uk-UA\sihost.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\explorer.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Users\Public\Documents\My Videos\spoolsv.exe'" /rl HIGHEST /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "sysmons" /sc MINUTE /mo 9 /tr "'C:\Users\Default User\sysmon.exe'" /f

C:\Windows\system32\schtasks.exe

schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 8 /tr "'C:\Users\Default\Videos\csrss.exe'" /rl HIGHEST /f

Network


Files
