Malware Analysis Report

2025-06-15 21:44

Sample ID 230408-v9md4sgc8z
Target chrome google Soft.exe
SHA256 9e2cf6dd158549b2eda86cdce0d5571b2d56796f7869f78881a8ae4872d2fae5
Tags
agilenet discovery evasion persistence trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9e2cf6dd158549b2eda86cdce0d5571b2d56796f7869f78881a8ae4872d2fae5

Threat Level: Known bad

The file chrome google Soft.exe was found to be: Known bad.

Malicious Activity Summary

agilenet discovery evasion persistence trojan

UAC bypass

Obfuscated with Agile.Net obfuscator

Registers COM server for autorun

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Drops file in Program Files directory

Enumerates physical storage devices

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

System policy modification

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-08 17:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-08 17:41

Reported

2023-04-08 18:11

Platform

win10v2004-20230220-en

Max time kernel

1774s

Max time network

1584s

Command Line

"C:\Users\Admin\AppData\Local\Temp\chrome google Soft.exe"

Signatures

UAC bypass

evasion trojan
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO8830909A\MrsMajor 3.0.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Program Files\7-Zip\7zFM.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO8838CA7A\MrsMajor 3.0.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO8830800B\MrsMajor 3.0.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO883BADFA\MrsMajor 3.0.exe | N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Registers COM server for autorun

persistence
Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files\7-Zip\Lang\hy.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\mk.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\sa.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\da.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ext.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7z.dll | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\eu.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\gl.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ru.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File created | C:\Program Files\7-Zip\Lang\tg.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\pt.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\sk.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File created | C:\Program Files\7-Zip\Lang\sw.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\mn.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ps.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\pt-br.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ug.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\en.ttt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\fi.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\mng.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\va.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\vi.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ar.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\gu.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ja.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\lij.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\lv.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ms.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\pa-in.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\tk.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ca.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ga.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7-zip32.dll | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\et.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File created | C:\Program Files\7-Zip\Lang\tk.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\fa.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\mr.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\tg.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\tt.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ast.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\bg.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\is.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\kk.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\tr.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\cs.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\hi.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\bn.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\id.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\it.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ku.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\zh-tw.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\de.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\he.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File created | C:\Program Files\7-Zip\Lang\uz-cyrl.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\History.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\af.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ky.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ne.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\sw.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ta.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\cy.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\fy.txt | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
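Triage note and added example (editor-written, not part of the sandbox output). The signature tables above are flattened four-column rows, and most of them appear to come from what was done in the 1774-second interactive session rather than from the sample: the 7-Zip installer in Downloads (7z2201-x64.exe) accounts for the COM server registration and every Program Files write, and Chrome accounts for the Run key and BIOS queries. The rows that matter are the four wscript.exe writes of ConsentPromptBehaviorAdmin = "0", which makes administrators elevate without any consent prompt, and the Geo\Nation lookups by the MrsMajor 3.0.exe copies extracted from the 7-Zip temp folders. The script below parses rows in exactly this layout (the paths contain spaces, so columns are recovered from the content), applies a few rules, and counts events per process image so installer and browser noise separates from the sample's own activity. The sample rows are copied from the tables above; the rule names are hypothetical and the ATT&CK technique IDs are the editor's mapping, not the report's.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Rows copied from the signature tables of this report. The sandbox prints the four
# columns (Description, Indicator, Process, Target) separated by single spaces while
# the paths themselves contain spaces, so the columns must be recovered from content.
SAMPLE_ROWS = [
    r'Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A',
    r'Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zO8830909A\MrsMajor 3.0.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2201-x64.exe N/A',
    r'Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Program Files\Google\Chrome\Application\chrome.exe N/A',
    r'File opened for modification C:\Program Files\7-Zip\7z.dll C:\Users\Admin\Downloads\7z2201-x64.exe N/A',
    r'Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A',
    r'Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A',
]

# Description column values this report uses (besides "Token: ..." and "N/A").
DESCRIPTIONS = (
    "File opened for modification", "Key value queried", "Set value (data)",
    "Set value (int)", "Set value (str)", "File created", "Key created", "Key opened",
)


@dataclass(frozen=True)
class Event:
    description: str
    indicator: str
    process: str
    target: str


@dataclass(frozen=True)
class Finding:
    rule: str        # hypothetical rule name
    technique: str   # ATT&CK technique ID (editor's mapping, not the report's)
    image: str       # process image name that produced the event
    indicator: str


def parse_row(row: str) -> Event:
    """Recover the four columns of one flattened sandbox row."""
    body, _, target = row.rpartition(" ")        # Target is always the last token
    split = body.rfind(" C:\\")                  # Process is the last absolute path
    if split < 0:
        raise ValueError(f"no process path in row: {row!r}")
    head, process = body[:split], body[split + 1:]
    if head.startswith("Token: "):               # "Token: SeXxxPrivilege N/A"
        description, indicator = head.rsplit(" ", 1)
    elif head == "N/A N/A":                      # behavioural signatures carry no indicator
        description = indicator = "N/A"
    else:
        for candidate in DESCRIPTIONS:
            if head.startswith(candidate + " "):
                description, indicator = candidate, head[len(candidate) + 1:]
                break
        else:
            raise ValueError(f"unknown description in row: {row!r}")
    return Event(description, indicator, process, target)


RULES = (
    # ConsentPromptBehaviorAdmin=0 (or EnableLUA/PromptOnSecureDesktop=0) makes admin
    # elevation silent: the "UAC bypass" signature in this report.
    ("uac_prompt_disabled", "T1548.002",
     re.compile(r'\\Policies\\System\\(ConsentPromptBehaviorAdmin|EnableLUA|PromptOnSecureDesktop) = "0"$', re.I)),
    ("run_key_persistence", "T1547.001",
     re.compile(r"\\CurrentVersion\\Run(Once)?(\\|$)", re.I)),
    ("com_inproc_server_registered", "T1546.015",
     re.compile(r"\\CLSID\\\{[0-9A-F-]+\}\\InprocServer32\\? = ", re.I)),
    ("geo_location_check", "T1614",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("system_info_from_bios", "T1082",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS", re.I)),
)


def triage(rows):
    """Apply RULES to every row; return findings plus an event count per process image."""
    findings, events_per_image = [], Counter()
    for row in rows:
        event = parse_row(row)
        image = event.process.rsplit("\\", 1)[-1]
        events_per_image[image] += 1
        for rule, technique, pattern in RULES:
            if pattern.search(event.indicator):
                findings.append(Finding(rule, technique, image, event.indicator))
    return findings, events_per_image


if __name__ == "__main__":
    found, counts = triage(SAMPLE_ROWS)
    for f in found:
        print(f"{f.technique:10} {f.rule:30} {f.image}")
    print(dict(counts))
```

Run against the seven copied rows it reports one finding each for wscript.exe (UAC prompt disabled), MrsMajor 3.0.exe (location check), 7z2201-x64.exe (COM InprocServer32 registration) and chrome.exe (Run key, BIOS query), and shows chrome.exe and the 7-Zip installer producing most events. Whether the installer and browser rows are analyst activity or sample-driven still has to be confirmed from the process tree, which this report page does not include.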

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133254565430270149" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Applications\7z.exe\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7z.exe\" \"%1\"" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Windows\system32\OpenWith.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Windows\system32\OpenWith.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 | C:\Windows\system32\OpenWith.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Applications\7z.exe\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Windows\system32\OpenWith.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 | C:\Windows\system32\OpenWith.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Applications\7z.exe\shell\open | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 500031000000000054569b981000372d5a6970003c0009000400efbe54569a988856509d2e000000ee260200000006000000000000000000000000000000d3072d0137002d005a0069007000000014000000 | C:\Windows\system32\OpenWith.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.7z | C:\Windows\system32\OpenWith.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.7z\ = "7z_auto_file" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\system32\OpenWith.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\䤎傢܀耀 | C:\Windows\system32\OpenWith.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\system32\OpenWith.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 8c0031000000000054566aa1110050524f4752417e310000740009000400efbe874fdb498856499d2e0000003f0000000000010000000000000000004a00000000008bc9c500500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 | C:\Windows\system32\OpenWith.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\7z_auto_file\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7z.exe\" \"%1\"" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\OpenWith.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 | C:\Windows\system32\OpenWith.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\7z_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2201-x64.exe | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4732 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\chrome google Soft.exe C:\Users\Admin\AppData\Local\Temp\is-1K5S5.tmp\chrome google Soft.tmp
PID 4732 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\chrome google Soft.exe C:\Users\Admin\AppData\Local\Temp\is-1K5S5.tmp\chrome google Soft.tmp
PID 4732 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\chrome google Soft.exe C:\Users\Admin\AppData\Local\Temp\is-1K5S5.tmp\chrome google Soft.tmp
PID 4704 wrote to memory of 744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\chrome google Soft.exe

"C:\Users\Admin\AppData\Local\Temp\chrome google Soft.exe"

C:\Users\Admin\AppData\Local\Temp\is-1K5S5.tmp\chrome google Soft.tmp

"C:\Users\Admin\AppData\Local\Temp\is-1K5S5.tmp\chrome google Soft.tmp" /SL5="$80054,7550932,832512,C:\Users\Admin\AppData\Local\Temp\chrome google Soft.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd46aa9758,0x7ffd46aa9768,0x7ffd46aa9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3368 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4648 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4728 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5332 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5696 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5676 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6024 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6032 --field-trial-handle=1812,i,14939592478227452773,16574645036414883387,131072 /prefetch:8

C:\Users\Admin\Downloads\7z2201-x64.exe

"C:\Users\Admin\Downloads\7z2201-x64.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0x100,0x104,0xfc,0x108,0x7ffd46aa9758,0x7ffd46aa9768,0x7ffd46aa9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4644 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7292d7688,0x7ff7292d7698,0x7ff7292d76a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4956 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2976 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5460 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5404 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5084 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3132 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5620 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4984 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6028 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2344 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5696 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1652 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4764 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5824 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5908 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5148 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6000 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3532 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5628 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3060 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\MrsMajor 3.0.7z"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 --field-trial-handle=1900,i,1445571514190900188,15264445931880106045,131072 /prefetch:2

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\MrsMajor 3.0.7z"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\MrsMajor 3.0.7z"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\MrsMajor 3.0.7z"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Users\Admin\AppData\Local\Temp\7zO8838CA7A\MrsMajor 3.0.exe

"C:\Users\Admin\AppData\Local\Temp\7zO8838CA7A\MrsMajor 3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\A3B3.tmp\A3B4.tmp\A3B5.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\A3B3.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\A3B3.tmp\eulascr.exe"

C:\Users\Admin\AppData\Local\Temp\7zO8830909A\MrsMajor 3.0.exe

"C:\Users\Admin\AppData\Local\Temp\7zO8830909A\MrsMajor 3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\B40F.tmp\B410.tmp\B411.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\B40F.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\B40F.tmp\eulascr.exe"

C:\Users\Admin\AppData\Local\Temp\7zO883BADFA\MrsMajor 3.0.exe

"C:\Users\Admin\AppData\Local\Temp\7zO883BADFA\MrsMajor 3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\DF17.tmp\DF18.tmp\DF19.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\DF17.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\DF17.tmp\eulascr.exe"

C:\Users\Admin\AppData\Local\Temp\7zO8830800B\MrsMajor 3.0.exe

"C:\Users\Admin\AppData\Local\Temp\7zO8830800B\MrsMajor 3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\241E.tmp\241F.tmp\2420.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\241E.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\241E.tmp\eulascr.exe"

Network

Country Destination Domain Proto

Files

memory/4732-133-0x0000000000400000-0x00000000004D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-1K5S5.tmp\chrome google Soft.tmp

MD5 e88e82d80040d3a0412d620dbfc13a37
SHA1 515b80745267bdb31277beea72333fa723aa455d
SHA256 26637b87546072e6a0bdf02dec729573d72536bf75e1d1ce75cd3adc19a36dcb
SHA512 49c852f1128cab5e9bcd4682070bbfa9157311de2c0b3e104e7993e878851ba1770adbdb6cdfe3f01da2bfcd86ee73263f7ebae6150d745e95531515048820ee

memory/4532-138-0x0000000000910000-0x0000000000911000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-P1CCI.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

memory/4532-147-0x00000000035B0000-0x0000000003639000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-P1CCI.tmp\TBPU.dll

MD5 8a6dd10a0d578baa0f628f9065695717
SHA1 d058a2160d7d6c02093bb0543f72c88b7e18e553
SHA256 57c9cfb49847f854f7838370ab5fc9083889e2bc1b8adc3755b06dd2868d5658
SHA512 9ce0d8339a74c542cfc4e7e5dcdae039303f6e983342879cdaa3566e6d25ad89ea291a30d8ebfadb4ca38e4fb995aede9320dd5d91d87378ed2d85946fd67daa

C:\Users\Admin\AppData\Local\Temp\is-P1CCI.tmp\WebKitTime.dll

MD5 08e99159c0194360dd801746d7245107
SHA1 559b3c5684ce63d44e00ec7fef76bd136fbde514
SHA256 6c43e922c3cdaf1317a69e1573bceadb8bc01b91fe4f0ac49360e71ecd7694ff
SHA512 683e2d8b8af36cd58364aafd824d89387d9850face2f36c10dd399e42aad17578cbe9398bbb884e51c5827c257875c7dc0f665cc70584118819f57ec9cd615c7

memory/4532-153-0x0000000003790000-0x00000000037AF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-P1CCI.tmp\WebKitTime.dll

MD5 08e99159c0194360dd801746d7245107
SHA1 559b3c5684ce63d44e00ec7fef76bd136fbde514
SHA256 6c43e922c3cdaf1317a69e1573bceadb8bc01b91fe4f0ac49360e71ecd7694ff
SHA512 683e2d8b8af36cd58364aafd824d89387d9850face2f36c10dd399e42aad17578cbe9398bbb884e51c5827c257875c7dc0f665cc70584118819f57ec9cd615c7

C:\Users\Admin\AppData\Local\Temp\is-P1CCI.tmp\TBPU.dll

MD5 8a6dd10a0d578baa0f628f9065695717
SHA1 d058a2160d7d6c02093bb0543f72c88b7e18e553
SHA256 57c9cfb49847f854f7838370ab5fc9083889e2bc1b8adc3755b06dd2868d5658
SHA512 9ce0d8339a74c542cfc4e7e5dcdae039303f6e983342879cdaa3566e6d25ad89ea291a30d8ebfadb4ca38e4fb995aede9320dd5d91d87378ed2d85946fd67daa

memory/4532-161-0x0000000003780000-0x0000000003781000-memory.dmp

memory/4732-162-0x0000000000400000-0x00000000004D8000-memory.dmp

memory/4532-163-0x0000000000400000-0x000000000071B000-memory.dmp

memory/4532-164-0x00000000035B0000-0x0000000003639000-memory.dmp

memory/4532-165-0x0000000003790000-0x00000000037AF000-memory.dmp

memory/4532-166-0x0000000000910000-0x0000000000911000-memory.dmp

memory/4532-174-0x0000000000400000-0x000000000071B000-memory.dmp

memory/4732-176-0x0000000000400000-0x00000000004D8000-memory.dmp

\??\pipe\crashpad_4704_DDBGAFTLHPIJVEMN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 890bbd52a43d34284865bdfa01ccfa6e
SHA1 df682ed89ccdda4cbecc149dbaca184fbe3e3606
SHA256 6c8f1adbba9d7ad31267954e832f22bb31aec2b0092f80b00e96bdce2232ddd7
SHA512 003e0b903c39d466dcf92576ad530e5e45d6cc3c75dbfbe1f3b5457e7aeb723ae1c9e0b744565fa4bd1eda15f2e58ffff4dd5dcd436164e7d9c666b73b119865

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7faf6cf4da59b6e5d663f259b355ef72
SHA1 7eca61e9cce4644df012a75f2d0d2cedac12e00b
SHA256 bc80a735c60c841f0cde77ce491252994d3f9160f3e0d7bad06569fa0240d127
SHA512 9e7a3ec7b9cf5bed0737753bf46aa188a527234d432693f0cfc465233c1fa21c5458b3bde28528aa3148c103684c7d10e301bc4ca365b538a98842779026e40f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 3aa988038a2264b59a46c4e93959cdf2
SHA1 dccf9be3939167832ca9e40b005b28bf39b079fb
SHA256 abcdf6d91cf523dcaf6b4768600ae9168d53f15644b3db3fc3c04871654f57f5
SHA512 dd75a9ac219c4ab3888966af4f06683af5c3d2dc80c471f5b2af10edc17991118146c1656cf9a6bc7a8a3e19cb21227ef82f021e2123f84e26ceecbf5a105bad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0ba81cfaa8023e74506bef2f7c549af6
SHA1 085805b6fff18c43d2e2d652171a901209d7631d
SHA256 6bd5f2303d98656308c9e1ce6d548fd045329d1b848c68e76cce0182e4d945db
SHA512 c5d451a841404429096f3a494c5b5a914f6fda56b19df069467adb9aa043ac7d46c877f190e062682c2fead08bdf0a4b32281c8b61089246f42040100e8b359a

C:\Users\Admin\Downloads\Unconfirmed 872927.crdownload

MD5 a6a0f7c173094f8dafef996157751ecf
SHA1 c0dcae7c4c80be25661d22400466b4ea074fc580
SHA256 b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4
SHA512 965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94

C:\Users\Admin\Downloads\7z2201-x64.exe

MD5 a6a0f7c173094f8dafef996157751ecf
SHA1 c0dcae7c4c80be25661d22400466b4ea074fc580
SHA256 b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4
SHA512 965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94

C:\Users\Admin\Downloads\7z2201-x64.exe

MD5 a6a0f7c173094f8dafef996157751ecf
SHA1 c0dcae7c4c80be25661d22400466b4ea074fc580
SHA256 b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4
SHA512 965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 143ac558de0925288cdbe9cd91323166
SHA1 4a4daa67583694259d66689013490903e8f3b422
SHA256 599f1b43b8a0cbb389aa2ca68775976ab166dd22ea69ccb289083b29cc05b4c7
SHA512 6642eec53a65c41ff17d0770e0cccbcd5afdbe3f377c3258e63e33d42f2eaf5541ff70a0ebbd0ecd83536e21459bf12e8779bbc82520092db184f8ade69de478

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f4223f0edc1be86444f88bd3f546ca00
SHA1 57ceaedf9b075badf0a4d81df47709113498c41a
SHA256 6f3b148ffdee5dbd2227c7bcd65069157e954c2ac1f5cab68e96a3efd28642b2
SHA512 22fbda96f068be2b5144f2cc38dbbd79cddb7725cb3ecd931ad7779f460c72bff504cfaedbd960654107ab4a5f74c28bb0c58c6857877a5f2bfe24f8cf6e3b9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a34fedc4db32b32d2f508753b545c32a
SHA1 21db9a18c3403b1847ed03d8ce5f7942f1d764c3
SHA256 f986b7eddc36664cfe0b27e1cb290aaec447b34fc3e89f24270bf2ba77ba48ae
SHA512 6f45add69fa51a02b8cdfbad44514f19546e9c05b755c5dad96291c8859925a2a0014daaa28d4b771ecf435f6f22bbca3b8264e6dcd484655f05957c7feb6f83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1e37e066f47443199355fd9a6710bf65
SHA1 508dfcc7cf646bd2ffe4eabb6efd0a439d7c4dbe
SHA256 a284785da99b677df3ed2c3e98d1ba0c695d1f38032045ff2dbddc735aa37b51
SHA512 f4a4e857f6caea063bb4bcb697fa4b5f6be1c4f70221dcc73278656378afab822dd9e986dbfac0f9186eb46eb15b64cd7cd68b939cdda330e132ed40595bc1ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 b6b1c6f86742f7346412dd6d4940f02a
SHA1 5dfef7ef71df9870055998f6cfa417ef1b08fe8c
SHA256 b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719
SHA512 1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 c16481756a774e423c5674aa8cf8e293
SHA1 04237dbe4ba4c5e21c33d5412dc2f6c7af50b9e9
SHA256 dafe88310d47e9d2eeb603e2f19183d4f0dbac06fb4f76bd73e4530f3b64805d
SHA512 8e1e0620ce68f5901205d5c9e59bda719673b51b85c085d9dc987df9634993efe2e5033829a6a77df332382f24a7eafb61a3bbecca249ad6a2f8506f1d6e9e06

\??\pipe\crashpad_540_TWFRSGDXPGHTELLG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

MD5 70b57796722f9b314682753be1761157
SHA1 f9090cf1d8d4127fe973c04eeb1c8e3415c9cbad
SHA256 7468a2caef67a9345e211d0448b91c9f3117d6d909d7f127285e483abb886d4d
SHA512 3dcf3c3c4da090ee0b94c0102d9b34ca14286a7bd4a4c9887c4f859db99655e2f838dacd8cb0fb8ba86e014885532f1af4f64828eaa2e73a071f7bf3c35d22b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 b77bb2c51d8e16ef57a0d70120ed095a
SHA1 e79c7fefa2a30d19be4014a648d1899d03374095
SHA256 9dc55b52edd1562b564e9eec9bf8e2d11e3542d8d3fd2cade6de8e5cdd5ef2f9
SHA512 cad18ac7d9d3e6e0c53e5f0458cd8c742502bdd0163658b7d0d923e5f957c27331ddc8611f5228c582ab680ce0a1789fd8201fc975a06a765eea4ebf00069d09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

MD5 ec579aa129014158a42c7dacc6f38ba6
SHA1 6103090ded882e13d3cb15a318926e1ff22a100e
SHA256 f59dc9d13c7576033d3329490430c32160bdf598c04f86dd534704a1df07bcb4
SHA512 b7efc669717f57cf6d941d73cd5df56ff69d2df0f192bc92af5c48adc801effc6816a0d89abc787cee365b60d1c1c91a55c8c7a5a78f91a27cabf82d972e8991

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0ba81cfaa8023e74506bef2f7c549af6
SHA1 085805b6fff18c43d2e2d652171a901209d7631d
SHA256 6bd5f2303d98656308c9e1ce6d548fd045329d1b848c68e76cce0182e4d945db
SHA512 c5d451a841404429096f3a494c5b5a914f6fda56b19df069467adb9aa043ac7d46c877f190e062682c2fead08bdf0a4b32281c8b61089246f42040100e8b359a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL-journal

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

MD5 1c73882b3de73b4a868b7fa7e0b564db
SHA1 b12e4ad7ca975bfea6062305561216c72b9935d6
SHA256 7a893fb59393c85b2a889f61671bb333057aea2ba3f8b88d71b3bcb380dd7a60
SHA512 abce4926ead40c6024f5937dc5a809a6dd45f61a135d84c877eba31607ea9365f5b9aeff67adff2984aba6215869ac8ace41a35b836edefee6b104cd93a6865f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

MD5 2a15208f9a2feb50c7e224559e8bed21
SHA1 dba4f01710fc5cfb5bd5ca0b6ac1a9a82d9dd92a
SHA256 aa6570dda4ec4f43625fef44e4ddf55e0f86001298a2c2b2898e62dea0b9e565
SHA512 a617de67c57b6598caea2a8fbf8957141a64430656c42f56d88b27193d32bbdb138312e2aec3cc5903c590f2ca907500e6adf78d0453a96da08b7f107cc69c20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 a6a0f7c173094f8dafef996157751ecf
SHA1 c0dcae7c4c80be25661d22400466b4ea074fc580
SHA256 b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4
SHA512 965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 2367c4a148a2fcf8467e36568fc88799
SHA1 993e947597447d1af3ccbb603202b8796d237ba9
SHA256 158b54c34a7a0a9f739e6cd12cf879d47447b78167ea58dbe1246702bfc2d6f5
SHA512 1a713dc71899b4b16594bdfef393ff5770d884a8c88e127ff6d5b9b76cdad3125444ed74716c92c258a43cfc194e70214f32eeb98d2ffa30de36e95f621d2023

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 c6c3a6420133c5988c318f2537bbba75
SHA1 20a94ae16617d632081c84afb58763bb891e61f3
SHA256 3462949810155c6607091f6559f3589e5df44773395bea49567f5dbf03e81e7a
SHA512 d8581fb5f3a2482fee932e1ca8b816e40fb4194b6ee216e17612527929c44e1c95d17557c06bc973ee235477e4c6b72b1697c7d145c7f81dde89581be6c2473f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 6752c9bb207b4cff77af4ca7f2866345
SHA1 59da91b1259f875d0ca865e9b928a4598109d24d
SHA256 6ed468e2b06507fa17a9e51544281dabcb44b021436c43b5aadf516547351aa8
SHA512 7673d53dcf1ae1c8fde07fed1a59a52872d8b5bd83d45704f350fa12fcbd42c36ec9369229f0acd84b89b70f6fa9c888a80ce1bb4cc485beb00713477397161c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 8a7efcbdbbb30f808f6e8195111d5ff4
SHA1 77e45587d78209aea9a396f1caef23e98935861e
SHA256 1d58984eae1069cfc178980e91f4b16c4e22dcc119a82ab2661f3db13bd0c30b
SHA512 a2a3f181efec961daac75e6259582fdcaf4a8fec05cdc0b0c28590bf2e5728a8283f3ae107e1610d494069b72da8f5211409c326d461e698278ff40d343d1d02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 47ae9b25af86702d77c7895ac6f6b57c
SHA1 f56f78729b99247a975620a1103cac3ee9f313a5
SHA256 9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224
SHA512 72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 28ce6c1fe7556064430bade7369befe8
SHA1 5ed82e1666551c2bbc83c270ec85663361b694a9
SHA256 4478c5d98a8a4f8fa18efdc13e3f015c9f3a69c77e2a75babe26276e02acdcde
SHA512 41659a3a285ab0dc601955bb8c59dd72d0dc26e6633aea0de02ba6596145d8f25f6d4e72d4eb391bf039d45ef4577481d622c265ba4f617c2ef1f403d5dacd84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 1067041b8fa46bae06ebeac837cb67ed
SHA1 9a1e51cfe25d04692592f1dc13ce75058db813d3
SHA256 e6f3a928b555e72664e65ac8d3455b7ace51ce76f205975f98daff89b3a5d533
SHA512 d16c71f87ebcdc4553cb5aa4283f84ba02178e80d237a99d56ec416377031af4354582d459abac88df5b06239e3fb4625466b478bbf67ac5f6f001e82fa58882

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 7a8556e776111c11dfda0a4505568985
SHA1 0c960f9a4dcb99811c44ee65131ec83633dfb880
SHA256 60172985c6366f2763546e167b02a28dfe76d0746046ae5ea0ef19a1abc8e556
SHA512 dda6dbb63ad7dfb8cb894c75587c3b34c20c5947df53320dde6f0d3c6d53f08467ba4b482394101f307c3242c8a8dfae3f0a73825cd72ae6f116b6992a01e8c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 a0e7e463421a2704c14573cf57f554e8
SHA1 0ca1c05b9b6654d3074ceb943ab0a152544fa65b
SHA256 0def89e7a29adb2cd07ad48672e338fc108f6fedc9bf23fef2155d147cf2d21d
SHA512 adc24200f4c3e531f35560ca6bf3a4c559ed4e359b0d9fbda365e9722d31d126a58d029e918534a33fdeef3b235be439a9c031aae523701d7df0fc8cd362137e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 47ae9b25af86702d77c7895ac6f6b57c
SHA1 f56f78729b99247a975620a1103cac3ee9f313a5
SHA256 9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224
SHA512 72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 66d514f7a4e15967dd615da85477a4fc
SHA1 c5a54d294d0e31d2af5f0aee49e2b762d343899b
SHA256 862beacad0e0cf5c98ac73d8125cefbad0612fe5cd62afd431879347f8b51a4a
SHA512 ac67c6e691a33997cb6c118ccef1f68418b2b18dcb2c31220cb73692f1c7119865c2fb337b2a7c266426d40f8c0d472413ab7996b8a8444e1b300282b4a49569

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 677646628a33493b3021200b0b305795
SHA1 ac24f96348e193d6bb58fe960df9d8f8f9ace592
SHA256 a9a2f184ed2427f4b84408b9963f1a7da572a0d4b451cb5aec0b2f1580520de5
SHA512 00d5251c5116e2b9a1893938b5ef11a417b92264efe11405975f1362d52637af86b48768047797333fd3fa041da96bc8d1e13a128d7303d056b18e4ddcf23e80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

MD5 cb74af3b8a4755612f725ed4ce878d58
SHA1 cc7f20cf77d409c9f0352c15192403ccc2989b49
SHA256 9371e8fee170d21eaf4907954248c20433486af953daaf6b00043e7e048f61fa
SHA512 f9bfabee6753e2d5fbbe65c2aaa1a6138f2522b2344afbb5ca2b3f9ddf72bcfa4be4cc1a19d6f5013dc435fb1f4eeb7a1083a35fc7c8d148f441be2421f18889

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

MD5 4af7d4190d3cf217a7570766c35a1359
SHA1 b47fcf5a9d5736241b3cda7df9be8746a123c19f
SHA256 cefbab8898321452621d18f4f166921ea7951c1cec8e18f88b6e702d938a6604
SHA512 6c8b97c62fdff02f7d61ef5b247efa7c5fe57b8e3ac10e61b2037c4231929fdb42cb466c4d3bf7235573cae73c2a0bbdffcb298e4ccc3b42541a2873f859b5ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 b30a832e7fa01f5c2235ce5d652e77a7
SHA1 9a482027fb5d3a6650d5fce34c23e1c65d72b3ff
SHA256 2e93bd1bbe10d2539c99422d87b60730381642130e08ca306d9c44b6b61f8032
SHA512 06aa7c54fb739ce6eaf5abfc4393fd93a9340da25bfda9b5bda8751bb5d5d1dd317bffff22683f5abdb43bf42efd97fd4aefe08d0d0049a512f41198d7a75064

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 2623ee4df4e82822b5b53207c2d66734
SHA1 97603d5ab689e8fb57e6dce7796fda5546b531dc
SHA256 5c88f9fdfd1cc61a1565de7bab2a5c5321165903b98522ac7a05d5d7a2c5a81f
SHA512 c897f9024111aeb5730158fe46916846045bf6386cd1f66d588af0788e1bce6fb9fef56654cae28e47d27425cc13a561cffef8a3cda0cfc96589ca1fc490b41e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 a16510d9c95691f8b9244119edb7c38c
SHA1 386e0bca4a35365a38e996bcfba22fdd7e9bf20e
SHA256 443dd7ddc7a264794273497af7bfac742407ca230ed3b9e8ae5df19fee038db9
SHA512 f7bb3135b8080d37772128b84c1ed232981f5e3b6d6cd3ecce6043fb1f4e279ffb6fdddbafae50373f008f231e75ce1096585dc7fc918bee056008e91298ff9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 3aa988038a2264b59a46c4e93959cdf2
SHA1 dccf9be3939167832ca9e40b005b28bf39b079fb
SHA256 abcdf6d91cf523dcaf6b4768600ae9168d53f15644b3db3fc3c04871654f57f5
SHA512 dd75a9ac219c4ab3888966af4f06683af5c3d2dc80c471f5b2af10edc17991118146c1656cf9a6bc7a8a3e19cb21227ef82f021e2123f84e26ceecbf5a105bad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6a49e55537ec1cf3f4211222d9662761
SHA1 ef009425e25d46d6e77d55b2c2fe5a3c4d600649
SHA256 c38928728f66ca79e072e4ac17fe0b3a143cc07f438d4219e27026cf3b0b2fc6
SHA512 86b9af1ee3b0c7344016aaff1d178c263a72cdc2899f9946a715223835582370ec3f11e724eeee37ed9d3df0733cf7cf126d9c3e6d22242ca7a33ac6b3731422

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3a8e55e1069828a33513e5ef7c1f2e93
SHA1 b6c728a8ec4be420d130a3f603a23c6fb03fd8ac
SHA256 f8711c61a25b595506684fa98f0ca94c58e1af7a202509a14c899b34cf8962a4
SHA512 5b410f2c60f881e8a0aae7e7cd0de41a0aadf773192d8b960e965225eaa5804efa1a991e99038ec04c88c1f485e22a71e89bfb81cbb61085ec5249c557d388b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d0b38ac2868a0e6527c8e86e05fb42ec
SHA1 8b11f0766cc03279732e975acb4fc138f9c5fe4e
SHA256 b46671f54ad6bbd2cc5a511b23614a1d0302fddcf389f5f217b430da35216ef7
SHA512 a005d3d00c50c2054d9ef22952bef50143924001901044e3c5d0fa9c0d71e043b0da3bb217912fa10ec606aced70ad2f8288a970a7e12659798de66fabad15bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57b120.TMP

MD5 243e06b137b5519fe451e299ec844cd8
SHA1 306447fc29b1dd5b9856bbb0f134282f584f5d23
SHA256 7b0b0debbaf13c580e2701b8425464eb8e5d1d1d0058fca591a6e978ebe838dc
SHA512 ebc8c1f78589e409a2d0fba826802001a695c872e5bf2aad5f3ff37c9c832bc035f41f10d5a05de0f934f1a8a752f6e432c2c679124a957ede8a8950b550432a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fdcdcbf3158a000c3555b4ed37626ed8
SHA1 81a6456362c4c1665a28b8eb0258062268603a1b
SHA256 ac8b369aa3faf9b8bf9aef342e48898b0f160a7fa7603ed23c5cc75b187c1957
SHA512 516d62bd563782c5c120555efd5aed3a18509801669a0048e3eb48a944f15256c3b58cb062ffbbd44abf8a0f5d40546d16a139218efaa9fc2d0a4aa347871df5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0d45deb3f807e492ae1ae63de833bb8c
SHA1 7dbb1ae50274ed76180baeaaeb608a092992d576
SHA256 f299b0273dba3318973b298ab3176804503b68bb0b05bd5814a3e51076bf6207
SHA512 9b984d22f6ed0e06e32b23a7e96075a7120d2eaee49154c16ddf255b192fdccc7f732442c1030e6940ace03a1887358eb7d58998d829335128513a6f5b7f3834

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 381f42ec395acc6fd8bea9c992ca914e
SHA1 179b9c894fce27014610f28b257b41f68544a444
SHA256 e6a68711f86432c674179ed1510fe4ed7e70126de4b0bb16a16da74fc0aff35e
SHA512 e3d32add7eb987558d94356d4b3f98d87abe04593f999d7f19da8fcecfbae9faf831a1aef68433c0fb74c48e271db68e81b3404f797cd41f486375fd47a335a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 269eb0090cae4f8d8d15d1edcd34d67d
SHA1 514398ef35ac26788acca7f0be6f00b67676ce83
SHA256 02609c272450d9c7d1b7a00d7ecd7a0ad750bf3d32eeab5601f7acdc11f57e1b
SHA512 ec63cdaedb46734ef075f7b5d9d721f068db0e45458a41749027007b8b8794e8c9d5d9399fed5960cd3ec8ed3e902cd1056149452ce652a3c9a18125fa13b9b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 986df8af1341a947c5f932beed22ea99
SHA1 08180ac0c65b1ac8a8c9cf52311de9bec58c6975
SHA256 db48f8ab8aa2c6dbaba40ff6f4e16d6d352c8cd6996e2bfcf30c5353a9919011
SHA512 e591e464f924a031fae102bc7081464c65424e87ec326effab98ab6494ac24b4130cee3b15e10708f258516589c048a0160ce0f4889b7aa8160139af2600dd48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7cf6496435901f7d322f4a79ec6ee514
SHA1 0c5aff68c94c3ac00852eda1e2bf1a365a8b3232
SHA256 5ae75c478a4120cee04951038b6e3c2c373c5ab0477c6d767fbd05558b5f605a
SHA512 9ab5c822836746efc1b1a9552acfec8f422c526bd12a026fd3844427db73908cd70a456981448777711d3a74027778d8ea9d03d456db1b9a8173b982afc9e3b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3fda5abb13e6b13e1d53deb651fecb56
SHA1 c894cf592d8fe3194e76f9f0d466f7f58f1fb646
SHA256 c0f7801a60b10596c244407f56200ee242fe2ca6eeb56c17c86a35d4ffd63044
SHA512 249eec33ad0be113a6f17c1b2c8011875b8d77a0272dd70a450d6580c3da1bf5c06f1e3d879180e04706b6c07f4875b0542e0b02899bcf90e84b9807a695cde8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3da634cca7e336ccf9fb03dd42cbecf4
SHA1 5d9dc09cb3b641eb9020e5d5245cf438ceb74341
SHA256 e20109bd7d9f3b07bc098dbed41b6f996808d4cc241dc141d06dd0ab19775412
SHA512 7f4a15191df6948ad187822321380b749d198f84659d4f3e3c0a395725cb871e134b3ef4cd15ef717b2162f55ec4c49fdc353a7a803e513fca90679b03e398b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cb52611a3210a5f05f49573515d3389c
SHA1 1192d6032b441d8b6668d06c5fdb657badd02b84
SHA256 e809838e6d761185fa3fac844b3e9f68fc1dbdad4130bc7b5f56170df1db7b97
SHA512 c07da3feeda4204e1eb20d47901170950b4c35fd6d3484eb656c30d25c9dc7a21f9201047ed4a3b1301e369937f6a1cd9323ce155d7a2277c165d8d2f1683517

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f8f68ac80f9dd98953c5130f5ad2de8a
SHA1 2a9574ccd5c9f811c8913c31dc3a778a82afa53f
SHA256 c712642553bbafcce91762e0d02233bbe5b3493daf0668c3c2f3f5b2c3fcd32e
SHA512 4f82c923e9f8b14e2d805740f04573731c50e1b045d27f77772068a410e05ad84dfdd316d54ccf85b42d2a41b0cd274b119f7ab679c87df8885fe307b096a4d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 4267dcb2f705c69b498aa7540b8707c9
SHA1 ef26447e20f1fa84d25491b786c116e8a2976dcd
SHA256 2d4311da294b293e19546028471a4bbd836bc1cd006fc75f6d33645d2e6fa352
SHA512 af66b08e45563341889e1fb8e2489e8ad24172736f6131592f182e1f56076c244cafeb3e516bcec302c8c24c024520fbb37c89fed0be0009d841a46588152a8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f8295573365b493a132da2bd47d85804
SHA1 566b360ab1a24c9db86d69cd4b49a45d7a8f892c
SHA256 4ac49b1658a89c314f7cd93595d76f4ab94964d6648e9d8c61f7a923726c7dbf
SHA512 d3826a038bfc260065d4152f4a90916ad9264a488e7d26e5e4e285c290edff4c06b61cb4ca53219e7069914aa067c6a5ac53c2aab3b75db504488f971a45ded4

C:\Users\Admin\Downloads\MrsMajor 3.0.7z.crdownload

MD5 fedb45ddbd72fc70a81c789763038d81
SHA1 f1ed20c626d0a7ca2808ed768e7d7b319bc4c84a
SHA256 eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2
SHA512 813c0367f3aeceea9be02ffad4bfa8092ea44b428e68db8f3f33e45e4e5e53599d985fa79a708679b6957cbd04d9b9d67b288137fa71ac5a59e917b8792c8298

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0e6e0a72b720460acbb5f79877b9eda9
SHA1 d7f30fd326d787527719c7a9c018dec58e968a6d
SHA256 a3f642939635df7673b40a5c8c1a0dc57a551a8d7fdec4da5be0bbfae496868f
SHA512 cdd8f1b8146263ad68caf450e42d8b299ee316fcbd1c5e5a850c27eba7773d032e945490362ef684650b64782da3aa5b11320bafd3a796fbe965507318cbb3e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 408eaf5325f2bd8da1291cd38079f91b
SHA1 642c9f2c74e8d1b3f0ba0fd55d923efab604f3f4
SHA256 bdf31f152cd3cd5c890822b864c2047ce6e5ba293f633f1e4f234db80b51f2b1
SHA512 6b33d389c1899d524f468e6fa0199d0664488dd6c8313f9d2caad13b937998153e6cc3cfe66fca57e36299ef864ca2c6b90aab9b65f3739badecf3879cd27688

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5d3e24cccdb8de07c5098b8acef8d7a4
SHA1 7b3043ead0603a5f0be69552709a4066a78370a8
SHA256 103e70fa91154b38ecfe02406a59cb1f474da6eff6f102636b5314859730deab
SHA512 d6cfba64cb5f67050b6709af0847917fd9fb9ca1ff7eee86fbd2f9e6d3a87978370892dbea65c5dd58322f166a3098b16feea86cb3c612487237f9a78487c489

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 307c7c63d6de7785f1ae840c8238fb90
SHA1 6e0d585e8bbecd5b3edc9e25c390f1318c580021
SHA256 a97278fddf207c53e467ce8cf5c8de9f2b79cd6edbab7c2168f5141c0893dff6
SHA512 0676657a4751659e93e14d7b2d057dd8a287b65021ee5c79f844b9d93a846b5c6d75024108f291640af1ed642425eabfa7cf950308d4e0cea8a6167943350a21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590788.TMP

MD5 95031d450fe2e5e1bcdf3593a6c185d3
SHA1 95a9750e89a4e7e6e3437123bcb3bad606e86ef2
SHA256 240fdb75e3e33e1ee0bd7a2269cb5eaf2b0da845e3bfa69f24076e106fe645e4
SHA512 c1c3532ecb09a01097983410e0bf54ff37be4cdbc2bb958b74af37284cfd5e13e6873af33fdb7f6f2acb1cf7f85538568ac389017e3dc376f66ec92a014bf8aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0c12aeb69f09e0dd4b1c369285a5098f
SHA1 a79564e258f68a3c148cf35a4b990522172b4a81
SHA256 81e15bc4b7d4b81b04e1c88fe87271a5ea25f1931d3d2d33db861aba39602313
SHA512 fdb3df99fc593437756bb29743e790e916b2437e776d9b9cea2b637fd61ff06e6c9650fba2d60e0af89641ae0e9b2652691152015e0771563e7a04c08961dabe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e49c0f277719cc81dabeb68121202793
SHA1 9bf4d0d55c2bbd3fe1a3800cdb46faaa17ecd37c
SHA256 ac950f10395508511770854c86647d502e71651a4e7244b556fc57e37e43a1ee
SHA512 887a9fb984b97edfc87ff3c591a4ce42cb1ce07de6607ab6ae992117b01088434b522e2f93e5fbc1605ce0b8bfaee23d7399fe8bf855b7be605f16ab78f44207

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 26987783c2f210cd1649669d12376065
SHA1 c5d234b27baaf3a7461b6d3d7c9490c0317747af
SHA256 00c7cc27d2fa4db3afb04aa080045ccfd10006badff84455788ea587ebaef5f6
SHA512 c8ebf886a88150bd110d499b978049bf849ce409964d04d1841d94cc6ec0ae7f22fd0a752ea71f812b0b7d6143b72e5fa7e527bea9e946dc0a600a87b1c0ffe8

C:\Users\Admin\AppData\Local\Temp\7zO8838CA7A\MrsMajor 3.0.exe

MD5 35a27d088cd5be278629fae37d464182
SHA1 d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
SHA256 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
SHA512 eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5

memory/1760-1314-0x0000000000B20000-0x0000000000B4A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll

MD5 42b2c266e49a3acd346b91e3b0e638c0
SHA1 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1
SHA256 adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29
SHA512 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

memory/1760-1320-0x00007FFD49D10000-0x00007FFD49E5E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a919c99f008c1e772b6cd1ef5443b5d8
SHA1 8ab4dcb0323875c12242037ad9a6eed438c563cc
SHA256 5cb1f1c08e2c3c2455148dcacc3734518667ecdeff1f09fd25b46c0ac89d4824
SHA512 b4a040b6330745a001d84f8fc3c2b16a4d7bd392374b703fe290eb2a65e05eca56a0670ca7fe386c16a15d46a87362ab0069ebc33f5075fc7562d29d8eb8923b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9c40549815b951a2d366745ea518aa70
SHA1 fe5c2d4bda30ae69bdaab209cc7834692b3afd73
SHA256 7ff5b5a1956d8c1fac592303965d535628fde29ad08cd0eaed32fcdac041067d
SHA512 4f01aead9aaba8532eda9c447c5fda5152d5a4708fcf0fe12f3ba489ae2501367ccd82d711a07ace6aa594f0a8f36b0875c8c4366334128474ff62575387ee28

memory/1760-1395-0x000000001D370000-0x000000001D532000-memory.dmp

memory/1760-1394-0x000000001B750000-0x000000001B760000-memory.dmp

memory/1760-1393-0x000000001B750000-0x000000001B760000-memory.dmp

memory/1760-1396-0x000000001DA70000-0x000000001DF98000-memory.dmp

memory/1884-1452-0x00007FFD49D10000-0x00007FFD49E5E000-memory.dmp

memory/1884-1453-0x000000001BAC0000-0x000000001BAD0000-memory.dmp

memory/1884-1454-0x000000001BAC0000-0x000000001BAD0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DF17.tmp\AgileDotNet.VMRuntime.dll

MD5 266373fadd81120baeae3504e1654a5a
SHA1 1a66e205c7b0ba5cd235f35c0f2ea5f52fdea249
SHA256 0798779dc944ba73c5a9ce4b8781d79f5dd7b5f49e4e8ef75020de665bad8ccb
SHA512 12da48e8770dc511685fb5d843f73ef6b7e6747af021f4ba87494bba0ec341a6d7d3704f2501e2ad26822675e83fd2877467342aacdb2fd718e526dafd10506b

C:\Users\Admin\AppData\Local\Temp\DF17.tmp\eulascr.exe

MD5 8b1c352450e480d9320fce5e6f2c8713
SHA1 d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a
SHA256 2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e
SHA512 2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc

memory/4380-1471-0x00007FFD49D10000-0x00007FFD49E5E000-memory.dmp

memory/4380-1472-0x000000001AE70000-0x000000001AE80000-memory.dmp

memory/4380-1473-0x000000001AE70000-0x000000001AE80000-memory.dmp

memory/4380-1474-0x000000001AE70000-0x000000001AE80000-memory.dmp

memory/4380-1475-0x000000001AE70000-0x000000001AE80000-memory.dmp

memory/3516-1497-0x00007FFD49D10000-0x00007FFD49E5E000-memory.dmp

memory/3516-1498-0x000000001B4E0000-0x000000001B4F0000-memory.dmp

memory/3516-1499-0x000000001B4E0000-0x000000001B4F0000-memory.dmp