Malware Analysis Report

2025-01-18 04:26

Sample ID 231204-3gsz7agb7z
Target http://51.79.49.73/crc/
Tags
quasar office04 pyinstaller spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://51.79.49.73/crc/ was found to be: Known bad.

Malicious Activity Summary

quasar office04 pyinstaller spyware trojan

Quasar payload

Quasar RAT

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

Program crash

Detects Pyinstaller

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Opens file in notepad (likely ransom note)

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Script User-Agent

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-04 23:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-04 23:29

Reported

2023-12-04 23:33

Platform

win10v2004-20231127-en

Max time kernel

210s

Max time network

215s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://51.79.49.73/crc/

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\d.exe N/A
N/A N/A C:\Users\Admin\Downloads\d.exe N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\8.exe

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133462061909589487" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\3.exe N/A
N/A N/A C:\Users\Admin\Downloads\23.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\8.exe N/A
N/A N/A C:\Users\Admin\Downloads\Project1.exe N/A
N/A N/A C:\Users\Admin\Downloads\maikati.exe N/A
N/A N/A C:\Users\Admin\Downloads\munqk.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2624 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1120 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 1120 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2624 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://51.79.49.73/crc/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc7cb9758,0x7ffbc7cb9768,0x7ffbc7cb9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5336 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5308 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4028 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5328 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5300 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5296 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5428 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5408 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5324 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5644 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5740 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5780 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5748 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5852 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5968 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5936 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5948 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6104 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5592 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6032 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6040 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6116 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5852 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5572 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5852 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6132 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6088 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6028 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6120 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5840 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5812 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4512 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6100 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5904 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5348 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=336 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5912 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5804 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5076 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6108 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5924 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5500 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6056 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=336 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6076 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5904 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4860 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5500 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5776 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5076 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5792 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4648 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5452 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3336 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5956 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5792 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6112 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\3.exe

"C:\Users\Admin\Downloads\3.exe"

C:\Users\Admin\Downloads\5.exe

"C:\Users\Admin\Downloads\5.exe"

C:\Users\Admin\Downloads\8.exe

"C:\Users\Admin\Downloads\8.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4292 -ip 4292

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3932 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 816

C:\Users\Admin\Downloads\25.exe

"C:\Users\Admin\Downloads\25.exe"

C:\Users\Admin\Downloads\23.exe

"C:\Users\Admin\Downloads\23.exe"

C:\Users\Admin\Downloads\Project1.exe

"C:\Users\Admin\Downloads\Project1.exe"

C:\Users\Admin\Downloads\d.exe

"C:\Users\Admin\Downloads\d.exe"

C:\Users\Admin\Downloads\d.exe

"C:\Users\Admin\Downloads\d.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell "Add-MpPreference -ExclusionPath \"C:\\\""

C:\Users\Admin\Downloads\local.exe

"C:\Users\Admin\Downloads\local.exe"

C:\Users\Admin\Downloads\maikati.exe

"C:\Users\Admin\Downloads\maikati.exe"

C:\Users\Admin\Downloads\munqk.exe

"C:\Users\Admin\Downloads\munqk.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1020 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\1.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
CA 51.79.49.73:80 51.79.49.73 tcp
CA 51.79.49.73:80 51.79.49.73 tcp
CA 51.79.49.73:80 51.79.49.73 tcp
CA 51.79.49.73:80 51.79.49.73 tcp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 73.49.79.51.in-addr.arpa udp
US 8.8.8.8:53 67.254.221.88.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
CA 51.79.49.73:80 51.79.49.73 tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
CA 51.79.49.73:80 51.79.49.73 tcp
CA 51.79.49.73:80 51.79.49.73 tcp
CA 51.79.49.73:80 tcp
CA 51.79.49.73:80 51.79.49.73 tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
N/A 127.0.0.1:1800 tcp
N/A 127.0.0.1:1800 tcp
N/A 127.0.0.1:1800 tcp
N/A 127.0.0.1:1800 tcp
N/A 127.0.0.1:1800 tcp
N/A 127.0.0.1:1800 tcp
N/A 127.0.0.1:1800 tcp
N/A 127.0.0.1:1800 tcp
CA 51.79.49.73:80 51.79.49.73 tcp
N/A 127.0.0.1:1800 tcp
N/A 127.0.0.1:1800 tcp
N/A 192.168.109.1:1800 tcp
US 8.8.8.8:53 10.179.89.13.in-addr.arpa udp
N/A 192.168.109.1:1800 tcp
N/A 192.168.109.1:1800 tcp
CA 51.79.49.73:80 51.79.49.73 tcp
CA 51.79.49.73:80 tcp
N/A 192.168.109.1:1800 tcp

Files

\??\pipe\crashpad_2624_MXZURYXFHLUZQHOB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 81de6ec060521a552adc17bf7bb0bd64
SHA1 1360ca7320af147fb5e4db604b5d889e331cf822
SHA256 2a19dfc89ce10e27cd12be9ef3276e1d632233cfc386acd91646fc9adec332b5
SHA512 9099f38aaddc873471fbb4d26b14148ce1a6b2482c6ad75f80f1987f72d239db39ccd329b3b6f2a660bcb626f6aa439c9c207300c8b9e1fcabf296a22179e344

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 39a5e1e218cfd57c41dccd2f08cbd5fc
SHA1 3815929e1d6bc06b4dab3f288bf3b70a49707ce2
SHA256 5898ecc7b81ddbbeebff0812bdac9c9f8a5d6fc8afe9309d281fc5b62e8dceec
SHA512 b9ff4bbdec8409e24649353d5f0c045144b084b98a97617215cbf71bddd206b588f75f72b747cbdce51b8c9f633ff752a567ce5bc872b189e48f72bdffe42a2a

C:\Users\Admin\Downloads\Unconfirmed 15653.crdownload

MD5 9ed0f58186bbb5612d8b9cd1a4212fd0
SHA1 44d979c15dfac52d0a4bf188e5d40f084720c38c
SHA256 05ecc8ef9769cbbb379fa67b0dd66e810f20810fabe1b79b5861c3e6146772a9
SHA512 18edf02b6f825f9f6b94e542619f912cebd15627626bfa7299210b14cbf174c7b02222b8aa5a0c9c29efecf39c0f77dfa632ca8bf055b310973396ac405705d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c2cd53f0b7389db8c3944b705bfe529b
SHA1 350adeb08142d3bfc1938296a4822f56c008b2ec
SHA256 955dbc81774449b6cf3bab6a211368a4d942e5a9f650c1ab8bd22016be00e8c3
SHA512 38bbbb1e3f2092a87fde0be01ca0089df773948d4435a54c3d6da83759e80507f05e79fc75189354670eebdcfd47a4c9ada812d8ac9b1adfc5ebd21422e87ac2

C:\Users\Admin\Downloads\Unconfirmed 743412.crdownload

MD5 546c3feb60e349a2c00e35de128670ec
SHA1 0ec6924030bae6fc3e986b7132a81c882dfd053f
SHA256 a657f9efe2f82abb3f5adbd90e9cce0cda71769e39f301c2bce8bb214daab809
SHA512 de4368f68b703a39e1b6e64f1a98bf23d2948bd0e694b737ca2dd29037cfdb7c8e85c828899203d5c55e1892a6557b77be6ed4c99d34ddee94d6494a3ebb15a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 7a14c960d1c1390a12b8c5c6d39bbc29
SHA1 e92347cd6a2709a9094096515440fa7c27769582
SHA256 769db52624919cd40148e1c92741234ebd292e5def9a3eff5aa38a555dbdcf87
SHA512 50d3465144560d0bbffdcd4603e8686c485fc5271195c5e60e424fd2fb6db457a992b1141c9c88241f9230937f622db945ed97d1a83a6477a7a78dc5f8f453aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58242d.TMP

MD5 06ff89d65cf93cb8fd1d31c70839d6ca
SHA1 192bc017896ef4881f30e8bd1435e24addbc501c
SHA256 cb634cf1ba7947f1ca0b28adfaa0d9bf178ffd682e443530abf26dd8c8e92278
SHA512 a7a4e4c97290abd95a34c05c34ebc9f95937f204d2c8b1cbd41ea2bbfd0d135111bc0462a1710bf5bff5db0af54d6074823961aed169008b898f89fddb4b8ec0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a9bff0759acd435f26c0b7a75bfb5752
SHA1 793306da7469e3ce374e6b46503aa672f5dd3e3d
SHA256 5d075172abc1b8f7132d8dbb23b80db11e458fc1f431d1464b2e51b516c3d70a
SHA512 dbabd4a22bb85900134627f19d91d7c371912f6442771ccaaa16f3cc9b9634640fd4185fe225bf6ff235d2eda808b59a7df0f009841c304fdb20d8c4d1ddc752

C:\Users\Admin\Downloads\Unconfirmed 370784.crdownload

MD5 035c8f6c6e24918b3fd6ea15b1d7db97
SHA1 1bd2547dbd0419c181c114f9cd02d1cedf546dea
SHA256 6d149eb7fab909d086e33b2dcccc4ba9ee12ccea08f0a94eb7f7ff630bc99749
SHA512 0c707b3177e159592571de8da5247440616f9f0537dcee8c803ffc088ca6d9e33c88903e77fca2de5ae95576fa10fd678992f23914a0771ad7f59acd0b9a3ed9

C:\Users\Admin\Downloads\8.exe

MD5 ae48e7e8e4dcb69076deaeb29c8b9e98
SHA1 a2e1df3d578df711adeb3d2b45af11e4eb90eecf
SHA256 395422a2c7c25ab9826c66b1762e64d7b064e34c4efbd7922f1c85a1faf35c0c
SHA512 0899da196f621ce88b9d2763f011f1b16c1d8377ee6784b950a757886d9d11ab05647a99006d1999ddadbb83e40ea044ec7e772723b0477c730fc540d7d1a3ba

C:\Users\Admin\Downloads\Unconfirmed 365249.crdownload

MD5 d10fa279604ea404d5a901161a43d399
SHA1 bfd951e6501ad4ca0a11aab52b66f00276e740c3
SHA256 877e947b92dacbc1dc4db88be91afbd760ec7026a5b6e0f4861a362355d64e90
SHA512 76286ffa2294784b3cdddcceb0fc74c5e986dbceff5772e0b8cb6e58faf40242ce3befa074e8db7506572d8c809fa30bc788cc9b304d11961233f6ea297d549b

C:\Users\Admin\Downloads\Unconfirmed 732461.crdownload

MD5 f83f151af4fc879e060b8245d66a0290
SHA1 8d223eb9c95206b6bf19a1cc1dacab9367d0c785
SHA256 f2b625e0b1608055f59bacfc71691a483943fbcc7b05431ecf3948ede6075ee2
SHA512 abce8078171a5ff88216227317b839a1b2c00474dae57f668ae9b90a3b5f65d7467697c2145ddb318f0fb899f8ad0c1981330f238effe81d7bebc8c8bd0a7d1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 531f9b2d776071e69aa0ebc57fc77a6c
SHA1 b08843f17d3618ad858e06e43e3b4bb9475307d4
SHA256 21a664bb27c58f8b13a77f4387d7e9a6d9cd2a66a13e1677ca30f60aacfc6e7a
SHA512 5112b56d8f63df001cf88c500dcd9bf0dda99712b0fae63d8632358ac9de35e6de5e06bf8260b670bdc895addcfa8baf51979b27e9f113188061c9033fd2ea58

C:\Users\Admin\Downloads\Unconfirmed 826497.crdownload

MD5 cdcae02be89bfde57d4b98ee2f780a16
SHA1 522ac2290ca00251edb22542a8f70e6540fbf8c6
SHA256 73f60aefeddf4bd9282b8e47e68953ce53f34033e4be836be06ea3a18dc7e2e0
SHA512 5930e19a1851e1215366f88af405037e4e07701e7ce0a25d15c932bf314bb9c71ec41557bcf76c5e932dbc1fcf7f8a9cf8cc21756b12c2a97d25fd4dd61dc34c

C:\Users\Admin\Downloads\Unconfirmed 782153.crdownload

MD5 64fe9abde890656a734c3ec0008f1a5d
SHA1 f38220f62d5dfc5c66e328421ceb384b8e4a53d6
SHA256 40bb96ac2e8818dbfe168dcf841f0ddea610c1a41b776acedab195fb6df8b29a
SHA512 5211c0b21ce87dd58342fa52196791a4294bf4565b48a388f72e6715065bcad929b2a97e4206918ec516f5ab4fc2859fcef7e95cb1fef975e57c5e44adf47bc2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 435496fc812729008da95aa47a26dd17
SHA1 486710da2a4a31a8e286bd20a764900c7774d251
SHA256 1d5724ade4920e0072c9064e389cd6b6ddfb1a7e9e4dd2f5bcb782ddf62f0186
SHA512 0b3ab7342e4318fe7e42e5f3ae65ce89ba571e59e77a4632a6a0fd06b58780613c14548392b1186178932721c390f05bb9c0b56b8968f91704cab897f12a5ca4

C:\Users\Admin\Downloads\Unconfirmed 448689.crdownload

MD5 9d2595aae3159474cd1e406dec09d337
SHA1 a53f1146d9b117eb4aed381977b96f12c5f28301
SHA256 0331d9e5a7cd6d5649660f91d7f980902d03f98ccad882fec4b7349125efa48f
SHA512 06d9c8fbd1a423b289c43b158dee55ee173d83bf4c5823b5fdefe999ca86c2c93e15fe34373af8713593e3e51c063204275bca1d0312b1392166f8bec901b0a8

C:\Users\Admin\Downloads\Unconfirmed 817888.crdownload

MD5 1335ea3b575ea12970ae595a60441d26
SHA1 189ee218a95b4a8203f8edb63e50b16fb3a81000
SHA256 58e825e9ba90117d194b592dca90ec50ca4cd171457b9afc69e210fd6e48bfe2
SHA512 136275b1f517f8e0e957d9c643c3b8a7bc8329b97d183e6f88fab10270922ab93efbc850a26e81f227998e759ba9ba4b994de260de929d5515c2c5b7527806bf

C:\Users\Admin\Downloads\Unconfirmed 19834.crdownload

MD5 93b136994058771682b8e1617ad39577
SHA1 57817a7f1ae6f0db222d6fc5d53704ba04d5c77f
SHA256 358523747d28c2319c95762032a29996c8e9176d9f3af683b5fa7d43c7342900
SHA512 b453f6486a2de517c64b028b1d7a202d46131e19b871131dcb471afee406906759804af606242ba38e2e05012b8293140571302f4766d6e2fcaf9fc8aaf9a49a

C:\Users\Admin\Downloads\Unconfirmed 155884.crdownload

MD5 ec4b8e92690e262959a284545ea5bb17
SHA1 72f0cdd26d5c0b860af78e62b584e2252c7ca55a
SHA256 58f369b591eda0083a526592fb7d9bd3205d5c15e89ff78898614b4abab2001f
SHA512 2d1cf84dadc07d9158e55f8ce5cc2ed7b65b53a10fa2cda682f62a5815951509c9b6d64a7c89f538ab7036f8e01731236de4e125f56c0daa928556c09a820924

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2c2d3e16e7d04f4d45e5a2bf6ec100b8
SHA1 7d4166382cc76ded8a7bf50487c5d5423f72fd34
SHA256 86c5bdaa8b2d00ba49ad5472ba3271022664fc7ad7ea7a841b61aee7b1c4a66b
SHA512 2754ca882087d820e1da3e0180616f89e38c9dcf88ebe244cb274e02567e865e6a336c44f568f1ea9d6df51315f703a2771d2c8059fa9b0e1c5859017b692a2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a16cdbfe-2afe-4ac3-8076-8f8c6f150a3a.tmp

MD5 0af80a47237416763b5d81059c163350
SHA1 292aa798fbcff065fb2f989b24d80e74bfc05634
SHA256 3d60d3d929715b6eb2c70872194c5ae47fcc92adf22079075ffdbebf10a5f212
SHA512 e1ac6fdf5fe735656acddd85698034b5dcee0fcfe7babfb825340b2a1bac5d7bdfe58fd0940ef8811e1986693c8ed492529eb865a3b4fd3c19e8e91e8755ff72

memory/5032-362-0x0000000000400000-0x0000000000419000-memory.dmp

memory/3676-363-0x00000000009A0000-0x0000000000CC4000-memory.dmp

memory/3676-364-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp

memory/3676-365-0x000000001BA20000-0x000000001BA30000-memory.dmp

memory/3676-366-0x000000001C2D0000-0x000000001C320000-memory.dmp

memory/3676-367-0x000000001C3E0000-0x000000001C492000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_w4c5ls4u.fpq.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3836-389-0x000002221D1F0000-0x000002221D212000-memory.dmp

memory/3836-391-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp

memory/3836-392-0x00000222049A0000-0x00000222049B0000-memory.dmp

memory/3676-393-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp

memory/3836-394-0x00000222049A0000-0x00000222049B0000-memory.dmp

memory/3676-395-0x000000001BA20000-0x000000001BA30000-memory.dmp

memory/3836-396-0x00000222049A0000-0x00000222049B0000-memory.dmp

memory/3836-399-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp

memory/4148-400-0x0000000000360000-0x0000000000684000-memory.dmp

memory/4148-402-0x000000001B240000-0x000000001B250000-memory.dmp

memory/4148-401-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp

memory/4148-404-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp

C:\Users\Admin\Downloads\1.txt.crdownload

MD5 97d1df08c744ffdcd02a0bb242654344
SHA1 19b48b4fab13e13b8a3bc337043a1630a97284a7
SHA256 e555a713564a260d6dcd8ba4ebb6f096fb06ad7d3b240a0cd02b287f0da1da75
SHA512 c88c0fb249c491d9c51e18bcb585bb5a6e150c3256c482b1855ae8353509f1e8d57e1402a28be890f81636c0cc6084e917631abd7ff34e37163e5af873ceb1ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 76119e6b53d13111c6b2484b692449f8
SHA1 aee49b3d579913634cb8e39e1e3048f8fc6bfe0e
SHA256 d091947863af4e73709772bfb39d012db66cde326665325a6f86dd013a129a7e
SHA512 ca1a354c090bd9ab89c6a7d140a636ba6964937bac561c766d82c6ecd71265e7b6e1878447888ef7070c07a51e7bac14955c49a34dc9b43d23e086a36ac112ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 2ddd8e5c4940304c51772fa8a2fc72ca
SHA1 2bfcc39a97ec70ea3f46425e3a1fee4509344b92
SHA256 8f5e0f5e7bb19d9003f48c1dfd7b1f749bf0f98e543b6dbd891604ffa996f70c
SHA512 fa0b3d02aad572aab221ae6bc45cdc1f87dac2fd9b1b9f04789325dce869f187ea26a506a0b99dc739b0ad47ef2d634de19e29a073e65cdc3636d4aef5e04902