Analysis Overview
Threat Level: Known bad
The file http://51.79.49.73/crc/ was found to be: Known bad.
Malicious Activity Summary
Quasar payload
Quasar RAT
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Program crash
Detects Pyinstaller
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Script User-Agent
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2023-12-04 23:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2023-12-04 23:29
Reported: 2023-12-04 23:33
Platform: win10v2004-20231127-en
Max time kernel: 210s
Max time network: 215s
Command Line
Signatures
Quasar RAT
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\3.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\5.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\8.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\25.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\23.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Project1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\d.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\d.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\local.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\maikati.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\munqk.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\d.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\d.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\8.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133462061909589487" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\8.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Project1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\maikati.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\munqk.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://51.79.49.73/crc/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc7cb9758,0x7ffbc7cb9768,0x7ffbc7cb9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5336 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5308 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4028 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5328 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5300 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5296 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5428 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5408 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5324 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5644 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5740 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5780 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5748 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5852 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5968 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5936 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5948 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6104 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5592 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6032 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6040 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6116 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5852 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5572 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5852 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6132 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6088 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6028 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6120 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5840 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5812 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4512 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6100 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5904 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5348 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=336 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5912 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5804 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5076 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6108 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5924 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5500 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6056 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=336 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6076 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5904 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4860 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5500 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5776 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5076 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5792 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4648 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5452 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3336 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5956 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5792 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6112 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\3.exe
"C:\Users\Admin\Downloads\3.exe"
C:\Users\Admin\Downloads\5.exe
"C:\Users\Admin\Downloads\5.exe"
C:\Users\Admin\Downloads\8.exe
"C:\Users\Admin\Downloads\8.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4292 -ip 4292
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3932 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:2
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 816
C:\Users\Admin\Downloads\25.exe
"C:\Users\Admin\Downloads\25.exe"
C:\Users\Admin\Downloads\23.exe
"C:\Users\Admin\Downloads\23.exe"
C:\Users\Admin\Downloads\Project1.exe
"C:\Users\Admin\Downloads\Project1.exe"
C:\Users\Admin\Downloads\d.exe
"C:\Users\Admin\Downloads\d.exe"
C:\Users\Admin\Downloads\d.exe
"C:\Users\Admin\Downloads\d.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell "Add-MpPreference -ExclusionPath \"C:\\\""
C:\Users\Admin\Downloads\local.exe
"C:\Users\Admin\Downloads\local.exe"
C:\Users\Admin\Downloads\maikati.exe
"C:\Users\Admin\Downloads\maikati.exe"
C:\Users\Admin\Downloads\munqk.exe
"C:\Users\Admin\Downloads\munqk.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1020 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:8
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\1.txt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| CA | 51.79.49.73:80 | 51.79.49.73 | tcp |
| CA | 51.79.49.73:80 | 51.79.49.73 | tcp |
| CA | 51.79.49.73:80 | 51.79.49.73 | tcp |
| CA | 51.79.49.73:80 | 51.79.49.73 | tcp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.49.79.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.254.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.142.81.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| CA | 51.79.49.73:80 | 51.79.49.73 | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| CA | 51.79.49.73:80 | 51.79.49.73 | tcp |
| CA | 51.79.49.73:80 | 51.79.49.73 | tcp |
| CA | 51.79.49.73:80 | | tcp |
| CA | 51.79.49.73:80 | 51.79.49.73 | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:1800 | | tcp |
| N/A | 127.0.0.1:1800 | | tcp |
| N/A | 127.0.0.1:1800 | | tcp |
| N/A | 127.0.0.1:1800 | | tcp |
| N/A | 127.0.0.1:1800 | | tcp |
| N/A | 127.0.0.1:1800 | | tcp |
| N/A | 127.0.0.1:1800 | | tcp |
| N/A | 127.0.0.1:1800 | | tcp |
| CA | 51.79.49.73:80 | 51.79.49.73 | tcp |
| N/A | 127.0.0.1:1800 | | tcp |
| N/A | 127.0.0.1:1800 | | tcp |
| N/A | 192.168.109.1:1800 | | tcp |
| US | 8.8.8.8:53 | 10.179.89.13.in-addr.arpa | udp |
| N/A | 192.168.109.1:1800 | | tcp |
| N/A | 192.168.109.1:1800 | | tcp |
| CA | 51.79.49.73:80 | 51.79.49.73 | tcp |
| CA | 51.79.49.73:80 | | tcp |
| N/A | 192.168.109.1:1800 | | tcp |
Files
\??\pipe\crashpad_2624_MXZURYXFHLUZQHOB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 81de6ec060521a552adc17bf7bb0bd64 |
| SHA1 | 1360ca7320af147fb5e4db604b5d889e331cf822 |
| SHA256 | 2a19dfc89ce10e27cd12be9ef3276e1d632233cfc386acd91646fc9adec332b5 |
| SHA512 | 9099f38aaddc873471fbb4d26b14148ce1a6b2482c6ad75f80f1987f72d239db39ccd329b3b6f2a660bcb626f6aa439c9c207300c8b9e1fcabf296a22179e344 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 39a5e1e218cfd57c41dccd2f08cbd5fc |
| SHA1 | 3815929e1d6bc06b4dab3f288bf3b70a49707ce2 |
| SHA256 | 5898ecc7b81ddbbeebff0812bdac9c9f8a5d6fc8afe9309d281fc5b62e8dceec |
| SHA512 | b9ff4bbdec8409e24649353d5f0c045144b084b98a97617215cbf71bddd206b588f75f72b747cbdce51b8c9f633ff752a567ce5bc872b189e48f72bdffe42a2a |
C:\Users\Admin\Downloads\Unconfirmed 15653.crdownload
| MD5 | 9ed0f58186bbb5612d8b9cd1a4212fd0 |
| SHA1 | 44d979c15dfac52d0a4bf188e5d40f084720c38c |
| SHA256 | 05ecc8ef9769cbbb379fa67b0dd66e810f20810fabe1b79b5861c3e6146772a9 |
| SHA512 | 18edf02b6f825f9f6b94e542619f912cebd15627626bfa7299210b14cbf174c7b02222b8aa5a0c9c29efecf39c0f77dfa632ca8bf055b310973396ac405705d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c2cd53f0b7389db8c3944b705bfe529b |
| SHA1 | 350adeb08142d3bfc1938296a4822f56c008b2ec |
| SHA256 | 955dbc81774449b6cf3bab6a211368a4d942e5a9f650c1ab8bd22016be00e8c3 |
| SHA512 | 38bbbb1e3f2092a87fde0be01ca0089df773948d4435a54c3d6da83759e80507f05e79fc75189354670eebdcfd47a4c9ada812d8ac9b1adfc5ebd21422e87ac2 |
C:\Users\Admin\Downloads\Unconfirmed 743412.crdownload
| MD5 | 546c3feb60e349a2c00e35de128670ec |
| SHA1 | 0ec6924030bae6fc3e986b7132a81c882dfd053f |
| SHA256 | a657f9efe2f82abb3f5adbd90e9cce0cda71769e39f301c2bce8bb214daab809 |
| SHA512 | de4368f68b703a39e1b6e64f1a98bf23d2948bd0e694b737ca2dd29037cfdb7c8e85c828899203d5c55e1892a6557b77be6ed4c99d34ddee94d6494a3ebb15a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 7a14c960d1c1390a12b8c5c6d39bbc29 |
| SHA1 | e92347cd6a2709a9094096515440fa7c27769582 |
| SHA256 | 769db52624919cd40148e1c92741234ebd292e5def9a3eff5aa38a555dbdcf87 |
| SHA512 | 50d3465144560d0bbffdcd4603e8686c485fc5271195c5e60e424fd2fb6db457a992b1141c9c88241f9230937f622db945ed97d1a83a6477a7a78dc5f8f453aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58242d.TMP
| MD5 | 06ff89d65cf93cb8fd1d31c70839d6ca |
| SHA1 | 192bc017896ef4881f30e8bd1435e24addbc501c |
| SHA256 | cb634cf1ba7947f1ca0b28adfaa0d9bf178ffd682e443530abf26dd8c8e92278 |
| SHA512 | a7a4e4c97290abd95a34c05c34ebc9f95937f204d2c8b1cbd41ea2bbfd0d135111bc0462a1710bf5bff5db0af54d6074823961aed169008b898f89fddb4b8ec0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a9bff0759acd435f26c0b7a75bfb5752 |
| SHA1 | 793306da7469e3ce374e6b46503aa672f5dd3e3d |
| SHA256 | 5d075172abc1b8f7132d8dbb23b80db11e458fc1f431d1464b2e51b516c3d70a |
| SHA512 | dbabd4a22bb85900134627f19d91d7c371912f6442771ccaaa16f3cc9b9634640fd4185fe225bf6ff235d2eda808b59a7df0f009841c304fdb20d8c4d1ddc752 |
C:\Users\Admin\Downloads\Unconfirmed 370784.crdownload
| MD5 | 035c8f6c6e24918b3fd6ea15b1d7db97 |
| SHA1 | 1bd2547dbd0419c181c114f9cd02d1cedf546dea |
| SHA256 | 6d149eb7fab909d086e33b2dcccc4ba9ee12ccea08f0a94eb7f7ff630bc99749 |
| SHA512 | 0c707b3177e159592571de8da5247440616f9f0537dcee8c803ffc088ca6d9e33c88903e77fca2de5ae95576fa10fd678992f23914a0771ad7f59acd0b9a3ed9 |
C:\Users\Admin\Downloads\8.exe
| MD5 | ae48e7e8e4dcb69076deaeb29c8b9e98 |
| SHA1 | a2e1df3d578df711adeb3d2b45af11e4eb90eecf |
| SHA256 | 395422a2c7c25ab9826c66b1762e64d7b064e34c4efbd7922f1c85a1faf35c0c |
| SHA512 | 0899da196f621ce88b9d2763f011f1b16c1d8377ee6784b950a757886d9d11ab05647a99006d1999ddadbb83e40ea044ec7e772723b0477c730fc540d7d1a3ba |
C:\Users\Admin\Downloads\Unconfirmed 365249.crdownload
| MD5 | d10fa279604ea404d5a901161a43d399 |
| SHA1 | bfd951e6501ad4ca0a11aab52b66f00276e740c3 |
| SHA256 | 877e947b92dacbc1dc4db88be91afbd760ec7026a5b6e0f4861a362355d64e90 |
| SHA512 | 76286ffa2294784b3cdddcceb0fc74c5e986dbceff5772e0b8cb6e58faf40242ce3befa074e8db7506572d8c809fa30bc788cc9b304d11961233f6ea297d549b |
C:\Users\Admin\Downloads\Unconfirmed 732461.crdownload
| MD5 | f83f151af4fc879e060b8245d66a0290 |
| SHA1 | 8d223eb9c95206b6bf19a1cc1dacab9367d0c785 |
| SHA256 | f2b625e0b1608055f59bacfc71691a483943fbcc7b05431ecf3948ede6075ee2 |
| SHA512 | abce8078171a5ff88216227317b839a1b2c00474dae57f668ae9b90a3b5f65d7467697c2145ddb318f0fb899f8ad0c1981330f238effe81d7bebc8c8bd0a7d1f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 531f9b2d776071e69aa0ebc57fc77a6c |
| SHA1 | b08843f17d3618ad858e06e43e3b4bb9475307d4 |
| SHA256 | 21a664bb27c58f8b13a77f4387d7e9a6d9cd2a66a13e1677ca30f60aacfc6e7a |
| SHA512 | 5112b56d8f63df001cf88c500dcd9bf0dda99712b0fae63d8632358ac9de35e6de5e06bf8260b670bdc895addcfa8baf51979b27e9f113188061c9033fd2ea58 |
C:\Users\Admin\Downloads\Unconfirmed 826497.crdownload
| MD5 | cdcae02be89bfde57d4b98ee2f780a16 |
| SHA1 | 522ac2290ca00251edb22542a8f70e6540fbf8c6 |
| SHA256 | 73f60aefeddf4bd9282b8e47e68953ce53f34033e4be836be06ea3a18dc7e2e0 |
| SHA512 | 5930e19a1851e1215366f88af405037e4e07701e7ce0a25d15c932bf314bb9c71ec41557bcf76c5e932dbc1fcf7f8a9cf8cc21756b12c2a97d25fd4dd61dc34c |
C:\Users\Admin\Downloads\Unconfirmed 782153.crdownload
| MD5 | 64fe9abde890656a734c3ec0008f1a5d |
| SHA1 | f38220f62d5dfc5c66e328421ceb384b8e4a53d6 |
| SHA256 | 40bb96ac2e8818dbfe168dcf841f0ddea610c1a41b776acedab195fb6df8b29a |
| SHA512 | 5211c0b21ce87dd58342fa52196791a4294bf4565b48a388f72e6715065bcad929b2a97e4206918ec516f5ab4fc2859fcef7e95cb1fef975e57c5e44adf47bc2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 435496fc812729008da95aa47a26dd17 |
| SHA1 | 486710da2a4a31a8e286bd20a764900c7774d251 |
| SHA256 | 1d5724ade4920e0072c9064e389cd6b6ddfb1a7e9e4dd2f5bcb782ddf62f0186 |
| SHA512 | 0b3ab7342e4318fe7e42e5f3ae65ce89ba571e59e77a4632a6a0fd06b58780613c14548392b1186178932721c390f05bb9c0b56b8968f91704cab897f12a5ca4 |
C:\Users\Admin\Downloads\Unconfirmed 448689.crdownload
| MD5 | 9d2595aae3159474cd1e406dec09d337 |
| SHA1 | a53f1146d9b117eb4aed381977b96f12c5f28301 |
| SHA256 | 0331d9e5a7cd6d5649660f91d7f980902d03f98ccad882fec4b7349125efa48f |
| SHA512 | 06d9c8fbd1a423b289c43b158dee55ee173d83bf4c5823b5fdefe999ca86c2c93e15fe34373af8713593e3e51c063204275bca1d0312b1392166f8bec901b0a8 |
C:\Users\Admin\Downloads\Unconfirmed 817888.crdownload
| MD5 | 1335ea3b575ea12970ae595a60441d26 |
| SHA1 | 189ee218a95b4a8203f8edb63e50b16fb3a81000 |
| SHA256 | 58e825e9ba90117d194b592dca90ec50ca4cd171457b9afc69e210fd6e48bfe2 |
| SHA512 | 136275b1f517f8e0e957d9c643c3b8a7bc8329b97d183e6f88fab10270922ab93efbc850a26e81f227998e759ba9ba4b994de260de929d5515c2c5b7527806bf |
C:\Users\Admin\Downloads\Unconfirmed 19834.crdownload
| MD5 | 93b136994058771682b8e1617ad39577 |
| SHA1 | 57817a7f1ae6f0db222d6fc5d53704ba04d5c77f |
| SHA256 | 358523747d28c2319c95762032a29996c8e9176d9f3af683b5fa7d43c7342900 |
| SHA512 | b453f6486a2de517c64b028b1d7a202d46131e19b871131dcb471afee406906759804af606242ba38e2e05012b8293140571302f4766d6e2fcaf9fc8aaf9a49a |
C:\Users\Admin\Downloads\Unconfirmed 155884.crdownload
| MD5 | ec4b8e92690e262959a284545ea5bb17 |
| SHA1 | 72f0cdd26d5c0b860af78e62b584e2252c7ca55a |
| SHA256 | 58f369b591eda0083a526592fb7d9bd3205d5c15e89ff78898614b4abab2001f |
| SHA512 | 2d1cf84dadc07d9158e55f8ce5cc2ed7b65b53a10fa2cda682f62a5815951509c9b6d64a7c89f538ab7036f8e01731236de4e125f56c0daa928556c09a820924 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2c2d3e16e7d04f4d45e5a2bf6ec100b8 |
| SHA1 | 7d4166382cc76ded8a7bf50487c5d5423f72fd34 |
| SHA256 | 86c5bdaa8b2d00ba49ad5472ba3271022664fc7ad7ea7a841b61aee7b1c4a66b |
| SHA512 | 2754ca882087d820e1da3e0180616f89e38c9dcf88ebe244cb274e02567e865e6a336c44f568f1ea9d6df51315f703a2771d2c8059fa9b0e1c5859017b692a2a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a16cdbfe-2afe-4ac3-8076-8f8c6f150a3a.tmp
| MD5 | 0af80a47237416763b5d81059c163350 |
| SHA1 | 292aa798fbcff065fb2f989b24d80e74bfc05634 |
| SHA256 | 3d60d3d929715b6eb2c70872194c5ae47fcc92adf22079075ffdbebf10a5f212 |
| SHA512 | e1ac6fdf5fe735656acddd85698034b5dcee0fcfe7babfb825340b2a1bac5d7bdfe58fd0940ef8811e1986693c8ed492529eb865a3b4fd3c19e8e91e8755ff72 |
memory/5032-362-0x0000000000400000-0x0000000000419000-memory.dmp
memory/3676-363-0x00000000009A0000-0x0000000000CC4000-memory.dmp
memory/3676-364-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp
memory/3676-365-0x000000001BA20000-0x000000001BA30000-memory.dmp
memory/3676-366-0x000000001C2D0000-0x000000001C320000-memory.dmp
memory/3676-367-0x000000001C3E0000-0x000000001C492000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_w4c5ls4u.fpq.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3836-389-0x000002221D1F0000-0x000002221D212000-memory.dmp
memory/3836-391-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp
memory/3836-392-0x00000222049A0000-0x00000222049B0000-memory.dmp
memory/3676-393-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp
memory/3836-394-0x00000222049A0000-0x00000222049B0000-memory.dmp
memory/3676-395-0x000000001BA20000-0x000000001BA30000-memory.dmp
memory/3836-396-0x00000222049A0000-0x00000222049B0000-memory.dmp
memory/3836-399-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp
memory/4148-400-0x0000000000360000-0x0000000000684000-memory.dmp
memory/4148-402-0x000000001B240000-0x000000001B250000-memory.dmp
memory/4148-401-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp
memory/4148-404-0x00007FFBB4470000-0x00007FFBB4F31000-memory.dmp
C:\Users\Admin\Downloads\1.txt.crdownload
| MD5 | 97d1df08c744ffdcd02a0bb242654344 |
| SHA1 | 19b48b4fab13e13b8a3bc337043a1630a97284a7 |
| SHA256 | e555a713564a260d6dcd8ba4ebb6f096fb06ad7d3b240a0cd02b287f0da1da75 |
| SHA512 | c88c0fb249c491d9c51e18bcb585bb5a6e150c3256c482b1855ae8353509f1e8d57e1402a28be890f81636c0cc6084e917631abd7ff34e37163e5af873ceb1ae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 76119e6b53d13111c6b2484b692449f8 |
| SHA1 | aee49b3d579913634cb8e39e1e3048f8fc6bfe0e |
| SHA256 | d091947863af4e73709772bfb39d012db66cde326665325a6f86dd013a129a7e |
| SHA512 | ca1a354c090bd9ab89c6a7d140a636ba6964937bac561c766d82c6ecd71265e7b6e1878447888ef7070c07a51e7bac14955c49a34dc9b43d23e086a36ac112ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 2ddd8e5c4940304c51772fa8a2fc72ca |
| SHA1 | 2bfcc39a97ec70ea3f46425e3a1fee4509344b92 |
| SHA256 | 8f5e0f5e7bb19d9003f48c1dfd7b1f749bf0f98e543b6dbd891604ffa996f70c |
| SHA512 | fa0b3d02aad572aab221ae6bc45cdc1f87dac2fd9b1b9f04789325dce869f187ea26a506a0b99dc739b0ad47ef2d634de19e29a073e65cdc3636d4aef5e04902 |