Malware Analysis Report

2024-11-30 05:22

Sample ID 240710-vnlkpasbja
Target https://www.mediafire.com/folder/pcu35b6nrb60w/qeUaxJCA3FO
Tags
lumma stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.mediafire.com/folder/pcu35b6nrb60w/qeUaxJCA3FO was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Executes dropped EXE

Suspicious use of SetThreadContext

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-10 17:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-10 17:08

Reported

2024-07-10 17:10

Platform

win10-20240404-en

Max time kernel

134s

Max time network

133s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/folder/pcu35b6nrb60w/qeUaxJCA3FO

Signatures

Lumma Stealer

stealer lumma

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3908 set thread context of 660 N/A C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\LowRegistry\Shell Extensions\Cached C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\LowRegistry\Shell Extensions C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651049057146205" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200" C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Users\Admin\Downloads\qeUaxJCA3FO (IF 1ST FILE NOT WORKING)\qeUaxJCA3FO.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4340 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4340 wrote to memory of 3508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4340 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4340 wrote to memory of 4516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/folder/pcu35b6nrb60w/qeUaxJCA3FO

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8074b9758,0x7ff8074b9768,0x7ff8074b9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1744,i,13318526533722600413,14325071125210046686,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1744,i,13318526533722600413,14325071125210046686,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1744,i,13318526533722600413,14325071125210046686,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1744,i,13318526533722600413,14325071125210046686,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1744,i,13318526533722600413,14325071125210046686,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1744,i,13318526533722600413,14325071125210046686,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1744,i,13318526533722600413,14325071125210046686,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4960 --field-trial-handle=1744,i,13318526533722600413,14325071125210046686,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5008 --field-trial-handle=1744,i,13318526533722600413,14325071125210046686,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4776 --field-trial-handle=1744,i,13318526533722600413,14325071125210046686,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5996 --field-trial-handle=1744,i,13318526533722600413,14325071125210046686,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1744,i,13318526533722600413,14325071125210046686,131072 /prefetch:8

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\ResetConvertFrom.png" /ForceBootstrapPaint3D

C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe

"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1744,i,13318526533722600413,14325071125210046686,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\qeUaxJCA3FO (IF 1ST FILE NOT WORKING)\" -spe -an -ai#7zMap28880:136:7zEvent5299

C:\Users\Admin\Downloads\qeUaxJCA3FO (IF 1ST FILE NOT WORKING)\qeUaxJCA3FO.exe

"C:\Users\Admin\Downloads\qeUaxJCA3FO (IF 1ST FILE NOT WORKING)\qeUaxJCA3FO.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\qeUaxJCA3FO\" -spe -an -ai#7zMap5254:84:7zEvent5112

C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe

"C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5364 --field-trial-handle=1744,i,13318526533722600413,14325071125210046686,131072 /prefetch:2

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
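The listing above is the chain an analyst would turn into detections: chrome.exe (PID 4340 in the WriteProcessMemory rows) fetches the archive, 7zG.exe extracts it under C:\Users\Admin\Downloads\qeUaxJCA3FO\, the extracted qeUaxJCA3FO.exe (PID 3908 in the SetThreadContext signature) runs, and C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe (PID 660) starts with its thread context set from 3908, a shape consistent with a Microsoft-signed binary being started and hollowed as a host for the stealer. The Python below is an added example, not part of the sandbox output or of any Triage tooling: it expresses that chain as three checks over Sysmon-style process-creation and SetThreadContext events. The events are constructed from the listing; PIDs 4340, 3908 and 660 come from the signature tables, while every other PID and each parent link is an assumption, because the report prints no process tree.

```python
"""Three detection checks for the execution chain in the process list above.
Added example over constructed Sysmon-style events; not sandbox output."""
import re
from dataclasses import dataclass

# A standard user can write anywhere under their profile; C:\Windows is
# protected (with exceptions such as C:\Windows\Temp, see the note below).
USER_PROFILE = re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.I)
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.I)


@dataclass(frozen=True)
class ProcessCreate:
    """The Sysmon event 1 fields the checks need."""
    pid: int
    image: str
    parent_pid: int
    parent_image: str


@dataclass(frozen=True)
class SetThreadContext:
    """A thread context change; source and target process may differ."""
    source_pid: int
    target_pid: int


def in_user_profile(path: str) -> bool:
    return bool(USER_PROFILE.match(path))


def in_windows_dir(path: str) -> bool:
    return bool(WINDOWS_DIR.match(path))


def evaluate(events):
    """Return (rule, pid) findings in event order."""
    procs = {e.pid: e for e in events if isinstance(e, ProcessCreate)}
    findings = []
    for e in events:
        if isinstance(e, ProcessCreate):
            # 1. Executable started from a user-writable location (Downloads).
            if in_user_profile(e.image) and e.image.lower().endswith(".exe"):
                findings.append(("exe_from_user_profile", e.pid))
            # 2. Windows-owned binary whose parent lives in a user profile.
            if in_windows_dir(e.image) and in_user_profile(e.parent_image):
                findings.append(("system_binary_user_parent", e.pid))
        elif e.source_pid != e.target_pid:
            # 3. Thread context set in another process. User-profile source
            #    plus Windows-directory target is the shape seen in this report.
            findings.append(("remote_set_thread_context", e.target_pid))
            src, tgt = procs.get(e.source_pid), procs.get(e.target_pid)
            if src and tgt and in_user_profile(src.image) and in_windows_dir(tgt.image):
                findings.append(("hollowing_candidate", e.target_pid))
    return findings


# Constructed from the listing. PIDs 4340, 3908 and 660 appear in the report's
# signature tables; the other PIDs and every parent link are assumptions.
EXPLORER = r"C:\Windows\explorer.exe"
STEALER = r"C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe"
EVENTS = [
    ProcessCreate(4340, r"C:\Program Files\Google\Chrome\Application\chrome.exe", 1000, EXPLORER),
    ProcessCreate(2000, r"C:\Program Files\7-Zip\7zG.exe", 1000, EXPLORER),
    ProcessCreate(2001, r"C:\Windows\System32\rundll32.exe", 900, r"C:\Windows\System32\svchost.exe"),
    ProcessCreate(3908, STEALER, 1000, EXPLORER),
    ProcessCreate(660, r"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe", 3908, STEALER),
    SetThreadContext(3908, 660),
]

if __name__ == "__main__":
    images = {e.pid: e.image for e in EVENTS if isinstance(e, ProcessCreate)}
    for rule, pid in evaluate(EVENTS):
        print(f"{rule:28} pid={pid:<5} {images.get(pid, '?')}")
```

Running it yields four findings, all for PIDs 3908 and 660, and nothing for Chrome, 7-Zip or rundll32. The Windows-directory test is deliberately coarse: C:\Windows\Temp and C:\Windows\Tasks are writable by standard users, so in production exclude those paths or test the image's signer rather than its location. Check 3 is the high-confidence one; setting the thread context of another process's thread has almost no benign callers outside debuggers, and combined with check 2 it reproduces the SetThreadContext row in this report without needing a process tree.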

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.113.74:443 www.mediafire.com tcp
US 104.16.113.74:443 www.mediafire.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 74.113.16.104.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.179.234:443 ajax.googleapis.com tcp
US 104.16.114.74:443 static.mediafire.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
GB 18.154.84.20:443 cdn.amplitude.com tcp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.210.14:443 connect.facebook.net tcp
US 8.8.8.8:53 translate.google.com udp
GB 172.217.169.46:443 translate.google.com tcp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.114.16.104.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 20.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 api.amplitude.com udp
US 8.8.8.8:53 6.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 14.210.240.157.in-addr.arpa udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 52.43.36.165:443 api.amplitude.com tcp
GB 142.250.180.10:443 content-autofill.googleapis.com tcp
DE 157.240.210.14:443 connect.facebook.net udp
US 52.43.36.165:443 api.amplitude.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 172.217.16.227:443 www.google.co.uk tcp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 translate.googleapis.com udp
GB 142.250.187.234:443 translate.googleapis.com tcp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 165.36.43.52.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 157.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
DE 157.240.210.35:443 www.facebook.com tcp
BE 74.125.71.157:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
GB 142.250.180.4:443 www.google.com udp
GB 172.217.16.227:443 www.google.co.uk udp
GB 142.250.180.10:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 35.210.240.157.in-addr.arpa udp
N/A 224.0.0.251:5353 - udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.250.187.234:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com tcp
US 8.8.8.8:53 btloader.com udp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
GB 172.217.169.46:443 translate.google.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 172.67.170.144:443 www.ezojs.com tcp
US 104.16.53.110:443 cdn.otnolatrnup.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 www.mediafiredls.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 104.26.2.173:443 www.mediafiredls.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 g.ezoic.net udp
FR 13.37.187.223:443 g.ezoic.net tcp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 216.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 144.170.67.172.in-addr.arpa udp
US 8.8.8.8:53 110.53.16.104.in-addr.arpa udp
US 8.8.8.8:53 173.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 go.ezodn.com udp
US 130.211.23.194:443 api.btloader.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 g.ezodn.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 172.67.142.121:443 g.ezodn.com udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 bshr.ezodn.com udp
US 104.21.87.79:443 bshr.ezodn.com tcp
US 104.16.53.110:443 otnolatrnup.com udp
US 8.8.8.8:53 download2274.mediafire.com udp
US 199.91.155.15:443 download2274.mediafire.com tcp
US 199.91.155.15:443 download2274.mediafire.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 104.21.87.79:443 bshr.ezodn.com udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
IE 34.251.46.222:443 bcp.crwdcntrl.net tcp
IE 54.72.120.129:443 bcp.crwdcntrl.net tcp
GB 18.245.143.118:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 223.187.37.13.in-addr.arpa udp
US 8.8.8.8:53 121.142.67.172.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 79.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 118.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 222.46.251.34.in-addr.arpa udp
US 8.8.8.8:53 129.120.72.54.in-addr.arpa udp
US 8.8.8.8:53 15.155.91.199.in-addr.arpa udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 104.16.53.110:80 otnolatrnup.com tcp
US 104.16.53.110:80 otnolatrnup.com tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 woreppercomming.com udp
GB 18.165.227.8:443 woreppercomming.com tcp
US 8.8.8.8:53 www.chancial.com udp
US 172.67.141.135:443 www.chancial.com tcp
US 8.8.8.8:53 www.opera.com udp
DE 18.196.234.178:443 www.opera.com tcp
US 8.8.8.8:53 8.227.165.18.in-addr.arpa udp
US 8.8.8.8:53 135.141.67.172.in-addr.arpa udp
US 8.8.8.8:53 178.234.196.18.in-addr.arpa udp
US 8.8.8.8:53 download2334.mediafire.com udp
US 199.91.155.75:443 download2334.mediafire.com tcp
US 199.91.155.75:443 download2334.mediafire.com tcp
US 8.8.8.8:53 track.wargaming-aff.com udp
NL 35.204.100.195:443 track.wargaming-aff.com tcp
NL 35.204.100.195:443 track.wargaming-aff.com tcp
US 8.8.8.8:53 track.wg-aff.com udp
US 8.8.8.8:53 75.155.91.199.in-addr.arpa udp
US 8.8.8.8:53 195.100.204.35.in-addr.arpa udp
NL 35.204.100.195:443 track.wg-aff.com tcp
US 8.8.8.8:53 trck.wargaming.net udp
LU 92.223.23.231:443 trck.wargaming.net tcp
US 8.8.8.8:53 231.23.223.92.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 citizencenturygoodwk.shop udp
US 104.21.76.55:443 citizencenturygoodwk.shop tcp
US 8.8.8.8:53 bouncedgowp.shop udp
US 104.21.93.198:443 bouncedgowp.shop tcp
US 8.8.8.8:53 bannngwko.shop udp
US 104.21.81.196:443 bannngwko.shop tcp
US 8.8.8.8:53 bargainnykwo.shop udp
US 104.21.47.93:443 bargainnykwo.shop tcp
US 8.8.8.8:53 55.76.21.104.in-addr.arpa udp
US 8.8.8.8:53 198.93.21.104.in-addr.arpa udp
US 8.8.8.8:53 affecthorsedpo.shop udp
US 172.67.135.137:443 affecthorsedpo.shop tcp
US 8.8.8.8:53 radiationnopp.shop udp
US 172.67.196.169:443 radiationnopp.shop tcp
US 8.8.8.8:53 196.81.21.104.in-addr.arpa udp
US 8.8.8.8:53 93.47.21.104.in-addr.arpa udp
US 8.8.8.8:53 137.135.67.172.in-addr.arpa udp
US 8.8.8.8:53 answerrsdo.shop udp
US 172.67.203.63:443 answerrsdo.shop tcp
US 8.8.8.8:53 publicitttyps.shop udp
US 172.67.134.88:443 publicitttyps.shop tcp
US 8.8.8.8:53 benchillppwo.shop udp
US 8.8.8.8:53 169.196.67.172.in-addr.arpa udp
US 8.8.8.8:53 63.203.67.172.in-addr.arpa udp
US 8.8.8.8:53 88.134.67.172.in-addr.arpa udp
US 104.21.81.128:443 benchillppwo.shop tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
US 8.8.8.8:53 reinforcedirectorywd.shop udp
US 104.21.83.48:443 reinforcedirectorywd.shop tcp
US 8.8.8.8:53 155.143.214.23.in-addr.arpa udp
US 8.8.8.8:53 128.81.21.104.in-addr.arpa udp
US 8.8.8.8:53 48.83.21.104.in-addr.arpa udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 172.217.169.67:443 beacons3.gvt2.com tcp
GB 172.217.169.67:443 beacons3.gvt2.com udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
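Four kinds of rows are mixed in the table above: forward lookups to the resolver at 8.8.8.8:53, PTR lookups (the *.in-addr.arpa names, which are the host resolving the IPs it has just connected to and carry no indicator value of their own), the TCP and QUIC (udp 443) connections themselves, and one mDNS multicast to 224.0.0.251:5353 with no name. Most of the names are the cost of loading the MediaFire folder page in Chrome (Google, Facebook, Ezoic and other ad and analytics hosts); the rows that matter begin after the download2274.mediafire.com and download2334.mediafire.com fetches, when a run of freshly looked-up .shop domains and steamcommunity.com appears. The Python below is an added example, not sandbox output: it parses rows in this format, drops the PTR noise, and separates the session's expected hosts from the names that need review. ROWS is a constructed subset copied from the table; ALLOW and WATCH_TLDS are the analyst's assumptions, not anything the report states.

```python
"""IOC triage over rows in this report's Network table format.
Added example; ROWS is a constructed subset copied from the table above,
and ALLOW / WATCH_TLDS are analyst assumptions, not part of the report."""
from collections import OrderedDict

PTR_SUFFIX = ".in-addr.arpa"

ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.113.74:443 www.mediafire.com tcp
US 8.8.8.8:53 74.113.16.104.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com tcp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 download2274.mediafire.com udp
US 199.91.155.15:443 download2274.mediafire.com tcp
US 8.8.8.8:53 citizencenturygoodwk.shop udp
US 104.21.76.55:443 citizencenturygoodwk.shop tcp
US 8.8.8.8:53 bouncedgowp.shop udp
US 104.21.93.198:443 bouncedgowp.shop tcp
US 8.8.8.8:53 bannngwko.shop udp
US 104.21.81.196:443 bannngwko.shop tcp
US 8.8.8.8:53 bargainnykwo.shop udp
US 104.21.47.93:443 bargainnykwo.shop tcp
US 8.8.8.8:53 affecthorsedpo.shop udp
US 172.67.135.137:443 affecthorsedpo.shop tcp
US 8.8.8.8:53 radiationnopp.shop udp
US 172.67.196.169:443 radiationnopp.shop tcp
US 8.8.8.8:53 answerrsdo.shop udp
US 172.67.203.63:443 answerrsdo.shop tcp
US 8.8.8.8:53 publicitttyps.shop udp
US 172.67.134.88:443 publicitttyps.shop tcp
US 8.8.8.8:53 benchillppwo.shop udp
US 104.21.81.128:443 benchillppwo.shop tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
US 8.8.8.8:53 reinforcedirectorywd.shop udp
US 104.21.83.48:443 reinforcedirectorywd.shop tcp
"""


def parse_rows(text):
    """Return (country, ip, port, domain, proto) tuples; domain is '' when absent."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split()
        if not parts or parts[0] == "Country":
            continue
        country, dest, proto = parts[0], parts[1], parts[-1]
        domain = parts[2].lower() if len(parts) == 4 and parts[2] != "-" else ""
        ip, port = dest.rsplit(":", 1)
        records.append((country, ip, int(port), domain, proto))
    return records


def resolved_names(records):
    """Forward lookups sent to the resolver; PTR lookups are dropped as noise."""
    return sorted({d for _, _, port, d, _ in records
                   if port == 53 and d and not d.endswith(PTR_SUFFIX)})


def flows(records):
    """Unique non-DNS connections as (domain, ip, port, proto), first-seen order."""
    seen = OrderedDict()
    for _, ip, port, d, proto in records:
        if port != 53:
            seen.setdefault((d, ip, port, proto), None)
    return list(seen)


def allowed(domain, allow_suffixes):
    return any(domain == s or domain.endswith("." + s) for s in allow_suffixes)


def review_queue(records, allow_suffixes):
    """Every contacted name not explained by the page the browser visited."""
    return sorted({d for d, _, _, _ in flows(records) if d and not allowed(d, allow_suffixes)})


def candidate_c2(records, allow_suffixes, watch_tlds):
    """Review-queue names whose TLD is on the watch list, mapped to IPs contacted."""
    hits = OrderedDict()
    for d, ip, _, _ in flows(records):
        if d and not allowed(d, allow_suffixes) and d.rsplit(".", 1)[-1] in watch_tlds:
            hits.setdefault(d, []).append(ip)
    return dict(hits)


# Analyst assumptions: the MediaFire page and the Google properties it pulls in
# are expected for this browsing session; .shop is what the lookups that follow
# the payload download have in common.
ALLOW = ("mediafire.com", "google.com", "doubleclick.net")
WATCH_TLDS = {"shop"}

if __name__ == "__main__":
    recs = parse_rows(ROWS)
    print("forward lookups:", len(resolved_names(recs)))
    print("needs review   :", review_queue(recs, ALLOW))
    for name, ips in candidate_c2(recs, ALLOW, WATCH_TLDS).items():
        print(f"{name:28} {', '.join(ips)}")
```

The TLD heuristic is only a first cut: it is tuned to what these lookups share and would miss a campaign that moved to another TLD, so the review queue, which also surfaces steamcommunity.com, is the list to work from, and the candidate_c2 mapping is what goes into a blocklist after manual confirmation. The resolved addresses (104.21.x.x, 172.67.x.x) are Cloudflare ranges shared with countless legitimate sites, so block on the names, not the IPs, and extend ALLOW with the rest of the ad and analytics hosts in the table before running this over the full listing.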

Files

\??\pipe\crashpad_4340_VSGOZLHKRRCSGNNS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ff15ce3b4c235f01fe2e7c12a16473da
SHA1 7a61f18eab6b743ec13a295f757e3d1763c5d65e
SHA256 ee0a6a4612c120ac5852285fc7d76b9042e53d67965391df4ad5a45b2f3eb809
SHA512 d471b847283889101b7d40c2edd397a6c77db72dedc625c94acd38b1f1a5efa0a5f67131cb585280f734a84f5be1ba979dfc2e1c3da5317444d2f729545d6b8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cd759183675586ff683261592aff102d
SHA1 f5653e7460d2545b827383de7f8a5db304aabb4a
SHA256 581b6f12733fe700617f5a45202cb2d3ea488888f034425e4b59aa4db89d70e7
SHA512 049efeb5590f412740162def7b0e8cb0019b4f964f026f5b33e999086a1f1913067b3a664fa19e33f25b4efb103162f22cf3d23f983bbee551db801850524b02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b46585e1c50e9579a9e499500a59a450
SHA1 64e6e03a093e0a07a629bf81be83527df6a72d66
SHA256 ec553f101fa618d816c61e199c2058f65437f51ddb4ab24db674a3ee0996b6b2
SHA512 b1e4e748afa27da2fc754fe2fc0257cad86c057a98c3982ba3b3a5a4aeae80c8312317c55a2558d0c8c3de47b22e2683a58184ab8479dfd38a9e9e1b3234c258

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 419cb87eea0a14990a3be016793cb112
SHA1 2e35de87be431bd96dd5ccf4250b6b1f42e7413e
SHA256 87af132c8cb0c13cd8bacafbd5e279f5325fe969977b91b5586a87d447aec484
SHA512 af5d4e9887ee8b64b4cd5d098512699206c0484ded49c605ea14c15bb605713448bdafd5599ce6e253fd4af73b627169f48b86fc779d45cda4971d917a79694c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 92939f7c4c642761e2bd11c250d638b4
SHA1 afd0883143a274db10966b254f239f761665327c
SHA256 84b776fad0a859692104e544444108010f490362932ea38451aaa31489bce8ed
SHA512 b34070e2389059a03282bd29f09e27de244f54430a5e0607576f005e70221856718728cf309c79a05f6cc84e2d9c5aa59a3492bae7bc218e82b72ac262f2f474

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 04109ed6080ed6c481a3a0ee5b235964
SHA1 92b03259686670a118a3b422687fad8fa819e0bf
SHA256 84454a9f9ab4bd038745a0e4833e26ba5b1bb7d4a3d6d5d44d6ee74ef32aed4f
SHA512 b03e90fde15b9873f0c383645e276bd58b723b556729ed25ba63001e13d1e5e9005d5bedf66560c9f2f42171f81a17945f61462de679bbec059b76ed1979ab27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 25dec4d0e59db310f68c37cc6373b6d2
SHA1 3acee0659ef4192c2a0eb3b3d8a14e0c7d8c9253
SHA256 db9cab9f4bb1fb07eee14c2a0a15c44080786aa0c01c4d263c11d96c70397dcb
SHA512 daab7da135005cc06ab47b89e7b287a050d42fd68dcda1214c9d58b38cd4ab113867c89e46fadb61b191c34f143f621ca662ad6a053dbc6d18f6fa643774e5d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aad214226ae946c9453377ba7deee327
SHA1 da5741be8e9d42f4bca1fc98944916f47448ee60
SHA256 1af398bf37034f4e4c334c0ffc0337cf620b28047766197f8fe1e5b57fb22e62
SHA512 73ad697cfbd4e2b0feff0747f4367a9c13fcd30ea151d8a4520182a7ca38dc951cff19bde70bf716cfcc37c31364412b833545b662deac07fee8e848ee0ae2ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b2d43e39b99dd155b6fef07126ee2103
SHA1 273af16ef2b51664f92b5d2d4adca5b24624dcac
SHA256 689ef9df19044de6b250257189a79a8cc847d2d2b7dda808f2032cca504a3071
SHA512 fac2d642f58d1c8cd46982a6536fe0790d335234c08c3733ddee0cf38e3806881cf5018cee428b6e9317d0dc78d935f0dba3fc656177b7304ac83a1d67aa082a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 299a30c7e03587493069fb2733ca38f5
SHA1 7f74317f6a74ae9db6dc9bad2a82a9c164e352ea
SHA256 c7b356f5a670e682f676407d3d51b14f7fdb9dddae8f7a513feed36b082a7312
SHA512 4879828d477b53d34be5ae52a0937577afbd90881f07076865328072bf979a64370931f1dd9f4b5a6cf142b2df2f9eccc6df28e83e2ad45939acdeb8a7a02197

C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

MD5 19ed3bb2b75cb8b9948052878f9d137d
SHA1 305ec0b635327d3ac84af955e6d45d84ca200323
SHA256 a2bb1781380df3daa960a56a27edd0158983634b07624dbd759ce89ca34f75d1
SHA512 1e50244847814fde258deb3ddfcb2f3a9f23d41fa9d1c65944c69b3e052a2f737839da672cdb13a37597008bf05563d03429ff1bb6274e8511d3151fe935a760

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 77e1403cb640ba97395b866fc7e6d79c
SHA1 178e8cfe92f12ed18ca7eb989ee4b279d2dfa28c
SHA256 46a41abf9031c319e1b507014b894b5e162b9c8dfb190db6dc514b6421f01912
SHA512 74bf75738640e1d687b892ebb910048f5f18cbb5c6ec35c15919ced2f5d0f390b011d9c02af4535801f6b963ef24b6876050793386e2ccf9f1468985ea131d6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ca24c7277e0e1128ae8552c5ff3b976f
SHA1 1f2bf8807560c9a96c21e330306c33c8512fc038
SHA256 881a099e4c00ec3543193f4ad0b545881f2b95c01bcd124fa3a4a54d778f0929
SHA512 c05d14811ccfed31086e748f826a9ca83b5aabd6637ef7a4c2b93cd7f57d2a4d2ac8689bdc3c3254c402858e186a6aa718de1680a69d68cf96a397e6e994cff0

C:\Users\Admin\Downloads\qeUaxJCA3FO (IF 1ST FILE NOT WORKING).rar

MD5 b993c187e68c1cd4bc9a311d9ffa8dad
SHA1 3bb174f6e9bbc8a6914ef988d0d6d50851747ca4
SHA256 bab7e174e7c68aa278b38df977cd40fffc65cd6aa558da6f20594a1bcdd1b74d
SHA512 c32f98b60a895d064916313196e2b71ecd168937e4ed49f8838bfc8726a239db358507994f76a524ea8ab9ad91f70ff564ecd38e1bcb2e173e3de91d1567fc7e

C:\Users\Admin\Downloads\qeUaxJCA3FO (IF 1ST FILE NOT WORKING)\qeUaxJCA3FO.exe

MD5 951527422a06a8f391279022c5458d33
SHA1 02652446bf3568938ee88d005afc7eda373d2d8a
SHA256 f608c05f0ecefada0281544235e9bc8846259f3fe36cf8f5d67ad80e40b8c0f2
SHA512 ad97a31a87eb0945edbf0c08cf6d7e2c7c8144e9764b5cff987390ed3f9a3b60b35c5e30980cb21f2df549938aa385e5ab7bafba48647bed2e4cf87922c1b25f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7d343e521305b76f804825abcf46cf36
SHA1 6f281d5da25588cfc5a7484e29ce1da1dae0469b
SHA256 7fe0ddc8881aa26e1167c50e4a3276cd742606d1eb8b0bc494b7cd10fbe33340
SHA512 0bfa9e53f05da024f3356bef6898c70d0dba916c4fd6d65ae06885018c55544a95523239ae8963bcd72bdc5ff6edd3b052c6bc69843b00bd9d0105298fb35579

memory/2308-516-0x00007FF61F680000-0x00007FF62141B000-memory.dmp

C:\Users\Admin\Downloads\qeUaxJCA3FO.rar

MD5 5f1c97c118807515652cda299c0e9626
SHA1 67e2db8fe526bd1e6e8f1a5ac6e95780cc606cfa
SHA256 cbb94ba7fa76812c530df5f3c6093fceb3b2112c3bea96e34ce4b1edfb19e705
SHA512 f65deebf84bdbf35059c4d51367236e338c8c10e3f2cddb35bf0b6e5621d7be080b3c1813ffbdf589fcab38ef352902c52c8b0e4d53f447a17b1b42d641940ef

memory/2308-522-0x00007FF61F680000-0x00007FF62141B000-memory.dmp

C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe

MD5 9b853aa96fd2cb2560b3fd028b3c72e6
SHA1 937e33e7286dcfdef65aa78ae9135d016ce4b666
SHA256 2f425629870710441e44270ff93353a0b60cb32a0ccb9d3de9e0f186639280f2
SHA512 7df46e11c469e62c692e4ae5b983bc754eb6cb560c7c76d59aa7d15060e56e5e8b8e757304d95b35ae93155fadfd2076ffa93aa1e098be0dc2bd982c07ce62a5

memory/3908-527-0x00007FF778370000-0x00007FF779160000-memory.dmp

memory/660-532-0x0000000000700000-0x0000000000756000-memory.dmp

memory/660-534-0x0000000000700000-0x0000000000756000-memory.dmp

memory/3908-533-0x00007FF778370000-0x00007FF779160000-memory.dmp