Malware Analysis Report

2024-08-06 12:30

Sample ID 230912-xv98qshf86
Target https://google.com
Tags
njrat hacked evasion persistence trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://google.com was found to be: Known bad.

Malicious Activity Summary

njrat hacked evasion persistence trojan

njRAT/Bladabindi

Modifies Windows Firewall

Executes dropped EXE

Drops startup file

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops autorun.inf file

Drops file in Windows directory

Enumerates physical storage devices

Enumerates system info in registry

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Replication Through Removable Media
T1091
Execution
TA0002
Persistence
TA0003
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Privilege Escalation
TA0004
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
System Information Discovery
T1082
Query Registry
T1012
Peripheral Device Discovery
T1120
Lateral Movement
TA0008
Replication Through Removable Media
T1091
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2023-09-12 19:11

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-09-12 19:11

Reported

2023-09-12 19:19

Platform

win10-20230703-en

Max time kernel

436s

Max time network

440s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com

Signatures

njRAT/Bladabindi

trojan njrat

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d8c514f6c639c3b8951aabb752c3344a.exe C:\Users\Admin\AppData\Roaming\saads.bat N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d8c514f6c639c3b8951aabb752c3344a.exe C:\Users\Admin\AppData\Roaming\saads.bat N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\DCrat-Crack\DCrat-main Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000\Software\Microsoft\Windows\CurrentVersion\Run\d8c514f6c639c3b8951aabb752c3344a = "\"C:\\Users\\Admin\\AppData\\Roaming\\saads.bat\" .." C:\Users\Admin\AppData\Roaming\saads.bat N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\d8c514f6c639c3b8951aabb752c3344a = "\"C:\\Users\\Admin\\AppData\\Roaming\\saads.bat\" .." C:\Users\Admin\AppData\Roaming\saads.bat N/A

Legitimate hosting services abused for malware hosting/C2

Drops autorun.inf file

Description Indicator Process Target
File created C:\autorun.inf C:\Users\Admin\AppData\Roaming\saads.bat N/A
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Roaming\saads.bat N/A
File created D:\autorun.inf C:\Users\Admin\AppData\Roaming\saads.bat N/A
File created F:\autorun.inf C:\Users\Admin\AppData\Roaming\saads.bat N/A
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Roaming\saads.bat N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\4183903823\810424605.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\3877292338.pri C:\Windows\system32\taskmgr.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133390195184460368" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\saads.bat N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4724 wrote to memory of 4716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 1348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4724 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffef8739758,0x7ffef8739768,0x7ffef8739778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=256 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4404 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4856 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5072 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5116 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4932 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4664 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:2

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap30431:68:7zEvent13098

C:\Users\Admin\Desktop\DCrat-Crack\DCrat-main Crack.exe

"C:\Users\Admin\Desktop\DCrat-Crack\DCrat-main Crack.exe"

C:\Users\Admin\AppData\Roaming\saads.bat

"C:\Users\Admin\AppData\Roaming\saads.bat"

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\saads.bat" "saads.bat" ENABLE

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

Network

Country Destination Domain Proto
US 8.8.8.8:53 google.com udp
NL 142.250.179.142:443 google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
DE 172.217.23.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 ogs.google.com udp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.206:443 ogs.google.com tcp
DE 172.217.23.206:443 apis.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
DE 172.217.23.195:443 ssl.gstatic.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 226.168.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 github.com udp
US 140.82.114.3:443 github.com tcp
US 140.82.114.3:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 3.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
DE 172.217.23.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.6:443 api.github.com tcp
US 8.8.8.8:53 6.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 38.148.119.40.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.179.142:443 google.com udp
US 192.178.48.227:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 227.48.178.192.in-addr.arpa udp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 5.tcp.eu.ngrok.io udp
DE 3.67.112.102:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.112.102:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.112.102:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.112.102:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.112.102:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.112.102:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.112.102:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.112.102:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.112.102:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.112.102:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.112.102:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.112.102:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.112.102:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.112.102:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.112.102:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.112.102:19587 5.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 5.tcp.eu.ngrok.io udp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 5.tcp.eu.ngrok.io udp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 5.tcp.eu.ngrok.io udp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
US 192.178.48.227:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
US 192.178.48.227:443 beacons.gvt2.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 34.124.82.67:443 beacons2.gvt2.com tcp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.208.99:443 beacons3.gvt2.com tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 216.239.32.116:443 beacons5.gvt2.com tcp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 192.178.48.227:443 beacons5.gvt3.com tcp
US 8.8.8.8:53 67.82.124.34.in-addr.arpa udp
US 8.8.8.8:53 99.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
NL 142.251.36.46:443 clients2.google.com tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
US 192.178.48.227:443 beacons5.gvt3.com tcp
US 8.8.8.8:53 google.com udp
NL 142.250.179.142:443 google.com udp
NL 142.250.179.142:443 google.com tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 5.tcp.eu.ngrok.io udp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
DE 3.67.62.142:19587 5.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 5.tcp.eu.ngrok.io udp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
GB 216.58.208.99:443 beacons3.gvt2.com tcp
US 192.178.48.227:443 beacons5.gvt3.com tcp
NL 142.251.36.46:443 clients2.google.com tcp
US 34.124.82.67:443 beacons2.gvt2.com tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
US 216.239.32.116:443 beacons5.gvt2.com tcp
US 216.239.32.116:443 beacons5.gvt2.com tcp
GB 216.58.208.99:443 beacons3.gvt2.com tcp
US 192.178.48.227:443 beacons5.gvt3.com tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
NL 142.250.179.142:443 google.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 35.190.28.87:443 beacons.gcp.gvt2.com tcp
US 192.178.48.227:443 beacons5.gvt3.com tcp
US 35.190.28.87:443 beacons.gcp.gvt2.com tcp
US 192.178.48.227:443 beacons5.gvt3.com tcp
US 34.124.82.67:443 beacons2.gvt2.com tcp
US 34.124.82.67:443 beacons2.gvt2.com tcp
GB 216.58.208.99:443 beacons3.gvt2.com tcp
US 216.239.32.116:443 beacons5.gvt2.com tcp
US 216.239.32.116:443 beacons5.gvt2.com tcp
US 192.178.48.227:443 beacons5.gvt3.com tcp
GB 216.58.208.99:443 beacons3.gvt2.com tcp
US 216.239.32.116:443 beacons5.gvt2.com tcp
US 216.239.32.116:443 beacons5.gvt2.com tcp
US 35.190.28.87:443 beacons.gcp.gvt2.com tcp
US 192.178.48.227:443 beacons5.gvt3.com tcp
NL 142.251.36.46:443 clients2.google.com tcp
NL 142.251.36.46:443 clients2.google.com tcp
US 8.8.8.8:53 87.28.190.35.in-addr.arpa udp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 5.tcp.eu.ngrok.io udp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
NL 142.251.36.46:443 clients2.google.com tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp
DE 18.158.58.205:19587 5.tcp.eu.ngrok.io tcp

Files

\??\pipe\crashpad_4724_MALRBFFCAZNVMXRM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9ec6fd3c5448660bc6ee8f23027b7e0b
SHA1 48714a16e2b99f17f5626e6d9a91b36f6cc41f25
SHA256 47e20bb70b3ffee5aa246b48f89ce7ee667f3519015953dd3d3cd5dc3ea2f68e
SHA512 07c207d72632d116846df9f74f26dc991a9d64c22e57c25d24e72318e432b8eb6ae87fe9c053d7d595ea832b7800a60a54e455c1bf989f24c5b1d385184568f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b35df2d5d652d289f2a08b917e7e1136
SHA1 06f7c06b9c3099430e0b2507b0975ce6b7389513
SHA256 b75fa5e8fa8722cd0c7d242e8479f84791a9b19ff1a8420edeac2346995932cc
SHA512 8897ba4d35e4c68a3e416926b0809496af134755459729a5a74669ed9b7e7ee2e6b0dac356772d7d4649c7799eda1b3395e164dfb13d4c5d7a87725dc0891853

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3628758cd1d49363b9eb311d3942cd6d
SHA1 006dd6aeb4ea47ccf80fa7fabd891277a7c50f69
SHA256 e48d0f9a739808832eafbbc96d87ed9f8a36a2831965881783c3dd28551060ae
SHA512 de0ccef99c2d8afe259cdfbd52eaeb22ccf2960e36f140e62e736dcd8120fd3f1d35fbc67c9bc62a2697d5a5c5c55eaf3fbc368f016d9fe0bed051d46542a77e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 28539b62efb47a6c5e626c6b8a342583
SHA1 4ed64181e5c0912dbe5c850aa9bb0ecb9259aaf7
SHA256 1765836b096b4c0feaee641998d4b9b90ebba35aa2fc71fa6ca1158cee10800f
SHA512 b89b3cd190870e81e64a3f41968b197d5067accd57b3f022b598b402df360de8a346728315c7334e52f1273f7cdfb0d0710bf596d396a52b3cb1c33afbb452e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c84f88a7ed2d756e3b5128f661846fd9
SHA1 1bca8ee8ff755a963a0f174746d3b96eede165d3
SHA256 8486defdf8e4a88fff58010a0fe4c3e14064b453aed7949bdb3c0f7604b93212
SHA512 43dd72636d87735951030449593d2c4b8a13db43298f0a0b0debb79fdcf187085ab8535a1fd73ff30022b937d318e128053ff74314e8a0349e3c117e71e27f55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f54fbdd63a2753ce0e9523e2309a6bca
SHA1 f798d17ac8e2a6f4fe5480c572dd1f0a245d6282
SHA256 3a3884df87d491538d357f8eb2adc13e42210ffddf2165c870f5ee078759942a
SHA512 ce030427968f4649e05fb9cc0c7097cc8a4d7badba25ffa96ebfdc69ded91852447294f5a621472cb72d5bc610aab3a630598a100af5e0c78784e9908a0ba55b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 d716b6013bc03f1e4fe2d5cd719c595c
SHA1 01347f66988db64e410b5ce8b8a8c353ff059296
SHA256 fc8a8b1cf010979eb77a33e4c8fcc744a884fed8147a326bcb39f7ee9aeeb32b
SHA512 cad4f0b076fe741297b4d1845013cdb7e7f092202f1e8b9c23532623d7b73bfe8c7c37af5078bc6d571e4b7276e6510a340838d34e84c470f6405281c7f2e9ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 f2076aee264cd170e1dbf8199a212b24
SHA1 1d148ca799d92254a7b220175ec646da5fba948b
SHA256 b71e5fe5c42f5926533698a38fee50cb5eaba3cd7f17801327934d9cd8fc7715
SHA512 5a10c0877ca7a4348d8fb194bd27634bbe270a158840e5780408aabe9c34e4ac7ea5673aaee166656b48f4b7000a048dfb6c806743acc64297bf2a5c2f0e8714

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 04cb676d26899df8beca1fb9da675b11
SHA1 ef369339c3643b564d8c5234dc24060c8f027700
SHA256 0112d431af82a350fbbf05dc09f67eb57639e82959d31488fef908cfc4df60c2
SHA512 55579fbad58fb0d45c6b077627954acac1772bfec2ee6b91f03e9ebcca046eee4c1fc5de4abadf4af117a43be25a10384f08689daddd7a2ae88cfb6f7337c5da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 2ed573fa7bbf4c0d0cdb8759a5c07f59
SHA1 e3f97dd2260d1d3eb9d58fcde64bb83c3966e969
SHA256 01beb0df4815b98a01628003ce71809680cfe4044a25d3e0f16f0f2e70a8d50f
SHA512 5fc3f840dab2da001fbfe6dd8fb33d44882ae4781f1ef88e84ca9b31d7128fdb5e794bfe3741487e7a9575b7b720d1a49b59a56374b94664b8e2ab35cdc36c26

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 03f23dea324e6a2027c146d66037d1e2
SHA1 1ddca456e407fc3d07db78be9decb1bb36ccf77a
SHA256 4ad3cbb2f12576fe8a1250c5688ea8a1c29f120f0755c2f66b76d36c9bd7f05e
SHA512 18320e666de94edbaac8df776b3b762449b3daebddb5e99ccfa25b9c02c217878759d0d586c9d72fe10d29b52cf4fc7e96a00bcf270c2d49de92d919df2c5099

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 49943bc015e9713f646c021a2f9a7f48
SHA1 7bcd637eb823b04c425775fa8c914e8b8f2ac2a5
SHA256 f6e0b13ad81727a0d9317a3049fd06ecf2c473060e9d6e4f8eb564a1d82ad289
SHA512 2203c2dbe9482b0b351a3f70ea0ba9f63dcc87a66d4a4db63a060dd7dd04cb73a73bced407d57c2bcf26cf7ed78b18c7555c87b22db9bd744cb6491cd040305d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 3af456969e5ffd8955773b6e522c1ad6
SHA1 c0fb7efcd404d59dfe85ede5d10f06f101d57b02
SHA256 226721c69e4e18a9f10e3362ce12b57762472f9f5e49196454e8f0a1364c76c2
SHA512 eaee632e2bb840477bd7f1d67a62ac5f79afb3cffc181092b9460cf972ab685952176d769903863c84d270c1baf2226abbf44802bcdc3d58a5271ea8170c9d3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 808e62dc7b2015cccd1517f6b0b77487
SHA1 60d062d75449f62772c16cfbb681a58a1ba00988
SHA256 0965291c074ddac3e7c72758a3e4b83dc878a7243e8caf6792cf49a8ca7c96e0
SHA512 07111034d1e8581b28a868dd9c2f91906007fb1e5a9d210341c964affecaeba63cf16c710e7d57def41b9b4fc47414c558ab7a651b5f92cd05d5135376705740

C:\Users\Admin\Downloads\DCrat.rar

MD5 dadb31f9cd6b19e2aa650eabcf03fdce
SHA1 f8b860ac70adb921a96408ed564b7426b9eabd96
SHA256 33c8efdf697a2bf43e2aace180bd3512e51e422aa562c6a3ecb0b04d893ea656
SHA512 e2f2599a5ba122b5c54ddaf65756a92b360217e9cdbcc3cbea0f3319a78e6a3be4be8292dcec5716882a6b46947fd517f15d7f4a25574a8e927ba1ba6c825246

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 befdf883afd2e34ec07e8c502e71b035
SHA1 fb78a707d60fc5f5dc351dda676c33697561806f
SHA256 511046406c1631127a541d2351b597be32f47a4ad0096b222a98629d5f9df78e
SHA512 f5d936b963e1a948802cc44cb2ba04dba518fb411736787201e6bafdb6ff74c5875ef6c8d7a8ea1ea66bb8db854a5f24a15f01476a0f731e38503338ddfcb0fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 231e2b6b60f09e9d2c7745f80e962ade
SHA1 55485232586595652a3bdd61088da2e07b49612e
SHA256 5e2c98cff00c98b0ff215adadb5fed705aa965003fddb0e633f16ef3a68d8e63
SHA512 9541086a2d24fd0435bfa5264b77a5fb82a7d9f00fa4026f1044145c7eb1141f843c56688af4e25b88ef4bfe59a245308086d3714e216c33d4bd98e6b9ff6cda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 506d46b9640b7fe61bf436b7151b7392
SHA1 791e7b21555e224398cfb3447841ce16bb828157
SHA256 83aad54e41f7c922ee464f701ab4671e861d68f4d1f8f3ae4290662e1ca77617
SHA512 d7359c84a2c907bc4a07e7e2ab9fa00ecb9f878602bed04f1f0d0ee74f444ecead14efc4e7fc3a2dbf611c1a780e4d4a0cee0d638518f9effeb36da4887d857a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 50b7919b2c9b645b3da878438f6f2de9
SHA1 e9bdc147b3f626faa309c260caa52ad8668418e6
SHA256 cff7826db7d7aeb1fbccf0f8eab6d2345f0f6baa17cbe1d2b313d5e3c0b881d6
SHA512 c5294375e16445f8d3b961a61fc515c94d3b8c604499c569871ba970cc5092002a2cdde49630e0a7aa7328cdc33666424cce25aff395540694d0bba326e9b2f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58775e.TMP

MD5 80d70b3228c7585e5d4e5ceb4cb5a059
SHA1 1b396c6fc3e4390356c0adee3142efc5365b1fcb
SHA256 d3d0c313fb18e62de05202f4e3cd53870f95b5b88d8733dc6dbf93540375af36
SHA512 57f22123d083b025e7cb310c94c843dbaef833b38b959baadff2bfba4fe9ed98a56f1685d281a190f0a98b281617a4a506f16e813daa8d1dabbbf5aa789c70e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 08813b23fbc643edebdb68152b17a36e
SHA1 5bdc5154c98208a0a8d50ec6daa13a3d193a4f01
SHA256 50d994ea54d83f190553df348942400faf561818dd4eb5984542e9c6f4bb032e
SHA512 dd3cb8e2bf93cef58cfb4735dad8a13f730c8ff53146ad61956f06dd8c6b99acff532e47e96ba9fa1cd99a3c805be163bd71c2d852cc167279c29555550a3627

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 347566c44c3921aef9a7e1698542b4af
SHA1 492d3bb70424243dc4189fd5dc2f4b5c2578ebf9
SHA256 d96e373b5d21ea4e333a46f66285983fb6848f8269e1bf5748e1af8f47a8ba7d
SHA512 d7684ca956aed876729a91f8d85d9f41d845ff4bcc3fbd921ea5efc34bfde0d75d2f15a834a89fafdd690a8e82d691dab88ac0c5514d6d161b3b1d0f9f242b2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f3378e7d231c6aff081da7270f4f8ee2
SHA1 15f54855591e944fdfcedb332a0ea131e0c547ad
SHA256 369524ee7ef0b0193f43aede1e1decdc72bc4ef8aa3169fc9e8617fad590e7d3
SHA512 78e665bc23821677c1fd244cadaa7aedd2165bddee1b0023f9da0f2ce27ae4524d33658511b128786742f93b61493634bdceb15a73bcc454ddbd9656b2641c8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2f1f6d6d5a96e19f5e408ce6b6ff2885
SHA1 8194ace14362b8d660902cf25ca2f1869fe465c4
SHA256 ba01c825253622177a8d8d9e61507c22f818bccd919ab45b9705c7e8c3e7fd38
SHA512 7a42969dcb30591803eda26e9e2cb71b5593e1d8ac5dccba09e4ef8a766e35d7d2ec68d1ea38c07f474d011a413c7a595323f1d34f3a8463a8d7ef6046eb9432

C:\Users\Admin\Desktop\DCrat.rar

MD5 dadb31f9cd6b19e2aa650eabcf03fdce
SHA1 f8b860ac70adb921a96408ed564b7426b9eabd96
SHA256 33c8efdf697a2bf43e2aace180bd3512e51e422aa562c6a3ecb0b04d893ea656
SHA512 e2f2599a5ba122b5c54ddaf65756a92b360217e9cdbcc3cbea0f3319a78e6a3be4be8292dcec5716882a6b46947fd517f15d7f4a25574a8e927ba1ba6c825246

C:\Users\Admin\Desktop\DCrat-Crack\DCrat-main Crack.exe

MD5 744e1221f6467d0b7e73a10f52e6cd6c
SHA1 33e85ae9412fa870e5d6de31502e7d48c64ce224
SHA256 31c37ff61aa322192236c9672f09e3d97b6e6e09c5019077df7d0567d4c0b48b
SHA512 704389db8c842344a21c4563f1154b57bf208466083b1fded330c4f53b7931fdb216e1e8dada0733729f8ac7aebf1047e77d7c96d2b6950b7bc69872b93a90de

C:\Users\Admin\Desktop\DCrat-Crack\DCrat-main Crack.exe

MD5 744e1221f6467d0b7e73a10f52e6cd6c
SHA1 33e85ae9412fa870e5d6de31502e7d48c64ce224
SHA256 31c37ff61aa322192236c9672f09e3d97b6e6e09c5019077df7d0567d4c0b48b
SHA512 704389db8c842344a21c4563f1154b57bf208466083b1fded330c4f53b7931fdb216e1e8dada0733729f8ac7aebf1047e77d7c96d2b6950b7bc69872b93a90de

memory/8-648-0x0000000073DE0000-0x0000000074390000-memory.dmp

memory/8-649-0x0000000073DE0000-0x0000000074390000-memory.dmp

memory/8-650-0x0000000002E80000-0x0000000002E90000-memory.dmp

C:\Users\Admin\AppData\Roaming\saads.bat

MD5 744e1221f6467d0b7e73a10f52e6cd6c
SHA1 33e85ae9412fa870e5d6de31502e7d48c64ce224
SHA256 31c37ff61aa322192236c9672f09e3d97b6e6e09c5019077df7d0567d4c0b48b
SHA512 704389db8c842344a21c4563f1154b57bf208466083b1fded330c4f53b7931fdb216e1e8dada0733729f8ac7aebf1047e77d7c96d2b6950b7bc69872b93a90de

C:\Users\Admin\AppData\Roaming\saads.bat

MD5 744e1221f6467d0b7e73a10f52e6cd6c
SHA1 33e85ae9412fa870e5d6de31502e7d48c64ce224
SHA256 31c37ff61aa322192236c9672f09e3d97b6e6e09c5019077df7d0567d4c0b48b
SHA512 704389db8c842344a21c4563f1154b57bf208466083b1fded330c4f53b7931fdb216e1e8dada0733729f8ac7aebf1047e77d7c96d2b6950b7bc69872b93a90de

C:\Users\Admin\AppData\Roaming\saads.bat

MD5 744e1221f6467d0b7e73a10f52e6cd6c
SHA1 33e85ae9412fa870e5d6de31502e7d48c64ce224
SHA256 31c37ff61aa322192236c9672f09e3d97b6e6e09c5019077df7d0567d4c0b48b
SHA512 704389db8c842344a21c4563f1154b57bf208466083b1fded330c4f53b7931fdb216e1e8dada0733729f8ac7aebf1047e77d7c96d2b6950b7bc69872b93a90de

memory/4272-667-0x0000000073DE0000-0x0000000074390000-memory.dmp

memory/8-666-0x0000000073DE0000-0x0000000074390000-memory.dmp

memory/4272-668-0x00000000010A0000-0x00000000010B0000-memory.dmp

memory/4272-669-0x0000000073DE0000-0x0000000074390000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1adff978620bff12d185a3539c9f16a1
SHA1 7e606ebc31b24f698a82fc1e5e0d5f8be39c0866
SHA256 4b040c81ceb736fda807c42314edc8602549707967247fbf73e0ec321e0c7cf3
SHA512 bcae01255fa15d3fcd6131c4bf8b3b8fae0ea6334b2b84791a250f9e427f98fd3b17bfaf37ace42813f9dd214d47765771455cff95d10800a449e4d960620292

memory/4272-688-0x0000000073DE0000-0x0000000074390000-memory.dmp

memory/4272-689-0x00000000010A0000-0x00000000010B0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a9518c4a6a23469f990e4409fbfbaca4
SHA1 8ab6290c18bd931f94f185c5028a6876239300b9
SHA256 06e1ea14b52d865643272b5c61a2fb9554ffd54f3620855438df2e0be0cfbe20
SHA512 fc4ce42053b5e49cc5bcd0695c11ca6e073ab46df4128a4a8d5d3db3a042875002a544f4d4686218b07228f4a891914634f6012d75dc0baea9a5555d0489cc3f

memory/4272-706-0x00000000010A0000-0x00000000010B0000-memory.dmp

memory/4272-707-0x00000000010A0000-0x00000000010B0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 218249e53ddfa2b83840323f38785684
SHA1 9e4920d6e68ebfc15650fecb9413013543c1a045
SHA256 cac3b2fe77e94e84f60372c550fc59ecaaf9cc5f5cbb261b51c27a23ac5730e2
SHA512 785f4b2c382d1a714ed3541eee11866723ba306f7ada62950f78ca1115785d1e6ade6c3361a04a69a5e98dffdc78352c04008537b6be6d063a9264b717dae2ae