Malware Analysis Report

2025-06-15 19:48

Sample ID 240211-gswpkafe48
Target ssFlingTrs-259a3513.exe
SHA256 02e9cce466341413dcef8b0413cb442bc4f26e9968a100bae8f1fd445109075f
Tags
rhadamanthys stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

02e9cce466341413dcef8b0413cb442bc4f26e9968a100bae8f1fd445109075f

Threat Level: Known bad

The file ssFlingTrs-259a3513.exe was found to be: Known bad.

Malicious Activity Summary

rhadamanthys stealer

Suspicious use of NtCreateUserProcessOtherParentProcess

Rhadamanthys

Loads dropped DLL

Executes dropped EXE

Suspicious use of SetThreadContext

Unsigned PE

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-11 06:04

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-11 06:04

Reported

2024-02-11 06:16

Platform

win11-20231222-en

Max time kernel

632s

Max time network

538s

Command Line

sihost.exe

Signatures

Rhadamanthys

stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 4588 created 2964 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\system32\sihost.exe

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3892 set thread context of 3156 N/A C:\Users\Admin\AppData\Roaming\httpService_v3_x64\UniversalInstaller.exe C:\Windows\SysWOW64\cmd.exe

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133521052149202144" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4286256601-2211319207-2237621277-1000\{CA531C89-8DBC-4BC3-8BF8-51242A7F90A6} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\httpService_v3_x64\UniversalInstaller.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4012 wrote to memory of 3424 N/A C:\Users\Admin\AppData\Local\Temp\ssFlingTrs-259a3513.exe C:\Users\Admin\AppData\Local\Temp\httpService_v3_x64\UniversalInstaller.exe
PID 3424 wrote to memory of 3892 N/A C:\Users\Admin\AppData\Local\Temp\httpService_v3_x64\UniversalInstaller.exe C:\Users\Admin\AppData\Roaming\httpService_v3_x64\UniversalInstaller.exe
PID 3892 wrote to memory of 3156 N/A C:\Users\Admin\AppData\Roaming\httpService_v3_x64\UniversalInstaller.exe C:\Windows\SysWOW64\cmd.exe
PID 3156 wrote to memory of 4588 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\explorer.exe
PID 4588 wrote to memory of 3360 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\dialer.exe
PID 4708 wrote to memory of 2188 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4708 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4708 wrote to memory of 2220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4708 wrote to memory of 4876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Users\Admin\AppData\Local\Temp\ssFlingTrs-259a3513.exe

"C:\Users\Admin\AppData\Local\Temp\ssFlingTrs-259a3513.exe"

C:\Users\Admin\AppData\Local\Temp\httpService_v3_x64\UniversalInstaller.exe

C:\Users\Admin\AppData\Local\Temp\httpService_v3_x64\UniversalInstaller.exe

C:\Users\Admin\AppData\Roaming\httpService_v3_x64\UniversalInstaller.exe

"C:\Users\Admin\AppData\Roaming\httpService_v3_x64\UniversalInstaller.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffc29c9758,0x7fffc29c9768,0x7fffc29c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4552 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4972 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2676 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4724 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3320 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5712 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6088 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5496 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5196 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5356 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5380 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:1

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SubmitUpdate.m4a"

Network

GB 216.58.201.97:443 lh3.googleusercontent.com tcp
US 35.241.11.240:443 kstatic.googleusercontent.com tcp
US 35.241.11.240:443 kstatic.googleusercontent.com tcp
GB 216.58.212.241:443 csp.withgoogle.com tcp
GB 216.58.212.241:443 csp.withgoogle.com tcp
GB 216.58.212.241:443 csp.withgoogle.com udp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 240.11.241.35.in-addr.arpa udp
US 8.8.8.8:53 241.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
GB 172.217.16.246:443 i.ytimg.com tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 172.217.16.230:443 static.doubleclick.net tcp
GB 216.58.213.10:443 jnn-pa.googleapis.com udp
GB 172.217.16.228:443 www.google.com udp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
BE 74.125.206.154:443 stats.g.doubleclick.net tcp
GB 216.58.201.97:443 lh3.googleusercontent.com udp
GB 216.58.201.97:443 lh3.googleusercontent.com udp
US 35.241.11.240:443 kstatic.googleusercontent.com udp
GB 142.250.200.14:443 play.google.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:80 www.amcrestview.com tcp
US 34.227.6.54:80 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
GB 172.217.169.3:80 www.gstatic.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
GB 172.217.169.67:443 beacons.gvt2.com udp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
GB 142.250.180.10:443 jnn-pa.googleapis.com udp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 34.227.6.54:443 www.amcrestview.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp

Files

memory/4012-0-0x0000000000400000-0x0000000000A46000-memory.dmp

memory/4012-1-0x00007FFFC2A70000-0x00007FFFC2BEA000-memory.dmp

memory/4012-3-0x00007FFFC2A70000-0x00007FFFC2BEA000-memory.dmp

memory/4012-8-0x00007FFFC2A70000-0x00007FFFC2BEA000-memory.dmp

memory/4012-13-0x00007FFFC2A70000-0x00007FFFC2BEA000-memory.dmp

memory/4012-14-0x00007FFFC2A70000-0x00007FFFC2BEA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\httpService_v3_x64\UniversalInstaller.exe

MD5 9fb4770ced09aae3b437c1c6eb6d7334
SHA1 fe54b31b0db8665aa5b22bed147e8295afc88a03
SHA256 a05b592a971fe5011554013bcfe9a4aaf9cfc633bdd1fe3a8197f213d557b8d3
SHA512 140fee6daf23fe8b7e441b3b4de83554af804f00ecedc421907a385ac79a63164bd9f28b4be061c2ea2262755d85e14d3a8e7dc910547837b664d78d93667256

C:\Users\Admin\AppData\Local\Temp\httpService_v3_x64\relay.dll

MD5 7d2f87123e63950159fb2c724e55bdab
SHA1 360f304a6311080e1fead8591cb4659a8d135f2d
SHA256 b3483bb771948ed8d3f76faaa3606c8ef72e3d2d355eaa652877e21e0651aa9a
SHA512 6cb8d27ebcfdf9e472c0a6fff86e6f4ec604b8f0f21c197ba6d5b76b703296c10c8d7c4fb6b082c7e77f5c35d364bcffd76ae54137e2c8944c1ea7bb9e2e5f08

C:\Users\Admin\AppData\Local\Temp\httpService_v3_x64\UIxMarketPlugin.dll

MD5 5447785dd51a058ca7b1cc13f6b17f1c
SHA1 f016d1d4ded05bd505eb323538935ddd90e4d262
SHA256 16a243d1ea580dbdbafc8e586b6678ee0fa8166121ec6c554ce72ce6ba0affee
SHA512 13d05742623dac38c022f0e72444bbd1055e8f0dfce40ce69957acdd5299b62b391d1216b6cef0eec0b8e9305639e84feecdd579f562879f8dd936b21c5a6723

C:\Users\Admin\AppData\Local\Temp\httpService_v3_x64\switchblade.zip

MD5 dc072d759bdef5a39c9cd6dfe7a08788
SHA1 29d4d8a68dd9ecac44fd07fba65b81fa030850e5
SHA256 0702a88636bca9a7a2968543d678cc895fa60ef588f8dea2e0f5709e26d1ee95
SHA512 a45578027fec2ade849bda5b74447cf5d69ee37bcc245b7cfbb74043651e0ab0729bbb40469431b4d3d7f51017a2d248f4cc40ac5a62456fb9f70d8a3b8ca5c9

C:\Users\Admin\AppData\Local\Temp\httpService_v3_x64\underset.xlsx

MD5 a7663aab7134c1d33bc44e13a7c89fce
SHA1 998c81b1ff7ba0aa5d912616b15de73f13ddf590
SHA256 4b53a6fa886aa340b54457a5d4e0349d5d5fe1ce796306031325ecf3427a7d00
SHA512 77272a6d4a09b1699789e20064174825d987ea42c7492700a8affcc478ab1cdcf6ecc616ee2b221cdf90c3bf8cc697912b034e2ec9409823f6489cbb61194f9c

memory/3424-24-0x0000000073980000-0x0000000073AFD000-memory.dmp

memory/3424-25-0x00007FFFE3140000-0x00007FFFE3349000-memory.dmp

memory/3892-41-0x00000000739A0000-0x0000000073B1D000-memory.dmp

C:\ProgramData\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20240211060554.TXT

MD5 793e03affcc93ff81e1f2fe95f6940a6
SHA1 7c1caff97ce100dc4c9ee273b84de8849f45f763
SHA256 21ac5899180d43efb12e4d4da4b42cd6ea4e6f864a228dcc019a72e4c049b176
SHA512 aaace08877da1ee11506263e0d574671712090b9b5102cfc4d2c74580dc0ac31a6e625ec55bfdb8000df45792b8aeab84a01c5cbe7de19d6e71cd9df8e648769

memory/3892-42-0x00007FFFE3140000-0x00007FFFE3349000-memory.dmp

memory/3892-43-0x00000000739A0000-0x0000000073B1D000-memory.dmp

memory/4012-44-0x00007FFFC2A70000-0x00007FFFC2BEA000-memory.dmp

memory/3892-46-0x00000000739A0000-0x0000000073B1D000-memory.dmp

memory/3156-48-0x00000000739A0000-0x0000000073B1D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\9a96aff5

MD5 db78fce00c8fe6dadcfafe86e8282f2f
SHA1 342f5f988c0cf71af3397caadfd73fd44e08b344
SHA256 77e471460d3ccf0ef2997af25db620e5a3c8c416b32b9005f78c4f316fa7c0ff
SHA512 fa5a62e5d586a10c15cf7d9cffe5bb4341273e4ea00bd3ea7522143ab558d350b1fac8db4d3e701fa2244279db9b6fc37025ff6a863d9820a24a1c8882ce97f0

memory/3156-50-0x00007FFFE3140000-0x00007FFFE3349000-memory.dmp

memory/3156-51-0x00000000739A0000-0x0000000073B1D000-memory.dmp

memory/3156-52-0x00000000739A0000-0x0000000073B1D000-memory.dmp

memory/3156-54-0x00000000739A0000-0x0000000073B1D000-memory.dmp

memory/4588-55-0x0000000000CC0000-0x0000000000D4A000-memory.dmp

memory/4588-56-0x00007FFFE3140000-0x00007FFFE3349000-memory.dmp

memory/4588-57-0x0000000000CC0000-0x0000000000D4A000-memory.dmp

memory/4588-59-0x0000000000090000-0x00000000004BC000-memory.dmp

memory/4588-60-0x0000000003FD0000-0x00000000043D0000-memory.dmp

memory/4588-62-0x0000000003FD0000-0x00000000043D0000-memory.dmp

memory/4588-61-0x0000000000CC0000-0x0000000000D4A000-memory.dmp

memory/4588-65-0x0000000003FD0000-0x00000000043D0000-memory.dmp

memory/4588-66-0x0000000076800000-0x0000000076A52000-memory.dmp

memory/3360-67-0x0000000000880000-0x0000000000889000-memory.dmp

memory/3360-71-0x0000000002530000-0x0000000002930000-memory.dmp

memory/3360-72-0x00007FFFE3140000-0x00007FFFE3349000-memory.dmp

memory/3360-74-0x0000000002530000-0x0000000002930000-memory.dmp

memory/3360-76-0x0000000076800000-0x0000000076A52000-memory.dmp

memory/3360-75-0x00007FFFE3140000-0x00007FFFE3349000-memory.dmp

memory/3360-77-0x0000000002530000-0x0000000002930000-memory.dmp

memory/3360-78-0x00007FFFE3140000-0x00007FFFE3349000-memory.dmp

\??\pipe\crashpad_4708_TSJNLLKWOWPABBCH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 49fd013ea60cb8e76a4236850b10aeb0
SHA1 d42927dff7e875270b970d39e74f7c6bb1751c26
SHA256 49d08f9e24575d1fbdec9f1e7c0b5691402a34c967295b77bd85bd9a55bd8eb2
SHA512 5ec7473b8748dada89c3877c8fd526176f6ce1cf03c7d0a80b38fb2d28a15478ed64f29abb7f05ef5693bd5ba46231ff0422a4f694de6d5c7e79ca606c255bec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a969809b49d854e4810073581cc36bc3
SHA1 b9855c2944249ec67fc9ebf48b4be001cefe48eb
SHA256 89382e170f6b659cab693f53a94706242e3afd3ca647b3b0b31e507dfc731121
SHA512 21d5e35fe58815d1504f8ea7a3327d6ae960ffd270af34474099eb51daa0f6df954d1f47bb69d16b21b3f37bf5f4970ecd45c4c14236caa84e3014be5a7a8e0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4d9f98fcb7752e3d4c7da1428561029c
SHA1 26cd5a5d53e7346b294f30d55cdb9618b72f88b6
SHA256 2127024623badff937e68b3110dc04a99557978c1096c0bf74edd61e6d404dae
SHA512 9d62b3600223cd844709def3ddfdb9cc51a1de2c2df5a1f68813d28f22bbe1ae400f0ec2169661704ba98412c50e96138ec6e601c10d292407093bef13642a2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 1a11d2e679398a46130a8e69938589c1
SHA1 80f74a4b94301a301e3d94a491e306c4b5799aa6
SHA256 ed9e88f3eb0ed15af38a286cbd3243fff2a009c41af5909e6ba05f4e6ac7f154
SHA512 e418424ee9a1753d90c89bfbbd91577de6ebc0ecf838a76d07452f26874e53804abed9d2ded6ee520379d7dcb8e997b616353b821478447af074a36bc98548c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 54245d0766f1c2ccff0500321038155b
SHA1 55e4a5ee79355ac88f2e2aa2211c61cc84133988
SHA256 9a5a1ce83a11f2f09e51d703f22ff62f3f399fcb524ac899c5db48bd805a9bb5
SHA512 d5826f1dc2ba78b1f7ed66935c71f477d8cdf95b82eb8fa684c6c17cbd05754029fa2b320358d993648674800cc94c6456d8f18dc87de64f254f2e68024e4c8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6760d997e40e12bf33bb3103e3a90a4c
SHA1 efd99e5cb117fe6d1b005e06223dd759a7f54015
SHA256 6973107629961c43e14f8d4b701249c502d4bfe7aaf7b281fc8c6cfaeeaf3674
SHA512 b9704fbe98009bba33c5a2a609a4e30e0c8e732afdddaa2cfbdfbaea12664c7b9e8dd6b9c1b10f1d3e379a5253a1fe9e3f3bf7573038f77b7fe23d4bf106cfb4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1585292bae402e754b4c6327df0991e2
SHA1 61df08b8d376eb5836659ae6a7b05e42ca2f20ee
SHA256 9cd60ab5a88bd00cc9560fca72f4bb234513efe49cae69035901adecff00335b
SHA512 9c508dc1ed12cd456ae2232b4cab052cb8f9ba07b3c8e862d42f08a9eb468bdef2c2006227bec736b2198678a6dc4e4b3d5ba874fcacac7e0128841933b9cb9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5c1dff.TMP

MD5 346bb56d30bc0868db96a27e9ec2d935
SHA1 71a56985cff5bafd96e416dd000edc72e7cbc614
SHA256 58788d628866c95e6f121cfdba45cf7f5a1dce5d7020b2d4c30f027a72971fdf
SHA512 c638f5f9d305dae6cdf3728f5d800784b7469b6bf93d2abb878392cd56d1e647617b086b32c0cb16831e5a88255c5f077e4fdcc0de90e8a6e88feffc2f4ed070

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cf9bb2e0-8191-422a-9612-7b6e76900367.tmp

MD5 7d71e0830b9b4db21de9696955b9d9f5
SHA1 8d64f61b3d5f476182e87b54c676d5da2bdd3cf1
SHA256 18b10712a42512579e505f6d22f774a7754663be37a2856ea65b11d2d94a0602
SHA512 4cd4059ba051a071a7ffcb82d367e6e33498e3f242469cd4deaaee836fbf72856c89005a133ed3414f29fba1d2247ae4414bbccbe320ec3b62b699a66e570155

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fae6d80f44184f42a7d633d40f4d8289
SHA1 e10219d1ffee8eeab7daae1569df92db70e76b9b
SHA256 6a33dcdec4375793a43117b2ad1c7bd9aae4e0fa2a35bc9c5e84241897700c37
SHA512 0c1b4b544b102f68dd0b01e63b72d9bae2a7fe142185dde29f4baafeaadbd3361d43e884e406fd63ada03979eebcff9e82a3c18bf27c0edac982028a130e1d2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

MD5 b2bcb93f2e3b1d9da241623286519694
SHA1 d4b79109d0625e1fa08f382dfc853168f680d262
SHA256 7d6fb9792be792ba96e51063264220e5fbbbf42374b0600f217a5807d2e53324
SHA512 b991e5a995d47d191a303b3e3e2c0dc6f9c13326e86634c53890d8561f253f73ea08b6a5390c84f68651ad2414994c72080655361acc796862f52b85fbb6ade3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

MD5 84c974586dc6a361e61175676b50d8e6
SHA1 f718baec2d077833d6ef0f5f6ce9a7ecc8015b45
SHA256 c52593e6d0b848ebbc4298ed116687345c3dab9f3e82b45287f6d56fe6e18671
SHA512 cc1895b6e5380e7c8e70012e5b482a38b095df34978e6036eae919a3343657f7fb250215746dd99d7a9a3ff0e5ab0cf5b86ef2740e39620952d0d4eac651c014

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

MD5 3f9ac4ebc2ea885bd22f0a0996cb3f8d
SHA1 bb825861820b52660acb93e7ef731fb382d6bf08
SHA256 23ab3a1a00ee43b48ea4bcb1ea61ab54da41f61139a0f899ca87c88929136972
SHA512 5631c3b39b4fca771a950baf9c2bfd35c9dd39fb429b10fd12e29cff3dcddd06a5ee69796668a878920167920ec9cced2aa99260444b422c85770f29b7a664c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

MD5 41dbd79dbad0a05ed4ba13fe3f405dc4
SHA1 b6fe6125a56ad24cbaf413e03bac244cdef94676
SHA256 fa64e7e2f5c0b8543f5baab82a9608776fb9b459df53fd8f4c7fa0ee7760b2cf
SHA512 3b1428fa7a5478c1750af3517a23c188f90b9471af9f2c92175a2e6c8f56fcb4988f6c4baab4245824932f0828b9a36f2661c8062013b5e02122b8f0248efcc9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

MD5 2fd7cd780e3f0efe3a88207eeb266663
SHA1 a72c61f63c1bc8ccd2850884e0bf1e21845ceae8
SHA256 b37ad9c2cf69227b48d7d83a0ca043f9417b278e171943ed1159bbf4a28c0582
SHA512 beb2a5cc579d0719b377e5ea8107985a41efa2b16412584e9d9b6620d3d91bbbd13e2d7f2b9a6a9b173e51082f60b7521e9ab5a5d73eb1549cf32fc600ac4528

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

MD5 d22908892e63cea6f06318934796a795
SHA1 b6751b8126140e6214898c14b18c784be2441d0b
SHA256 9b20ff8068970aeb31f5b3a255a3f74c271c8c1542afc2d5edfa2ff523354f26
SHA512 d1dad74b24269e8a4bda9d2dc764cdc55a460498537cd0ae68480ed21326537795cc34453e39b0864332cd7265a3571bcba67159e4830dcfdd5f133051751213

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

MD5 2f5cff3759c26c69ba77d2053ec7564b
SHA1 bef0c8a73a2b989d701671ad0ebd0feceaebdcec
SHA256 f604f921b911355b62ec049ee1de4c7a1ad58ebb1e330501ada6e9a5dd1a4646
SHA512 191543eda20f9abfaebf36fb83973483b13206a8dd5e55cdb9b7905738501f67c5ee98ff3201fd76a4a92e2b7cbb4aa639a777fd0f4742be49d596719693e599

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cb264731ff71c2c41787079c8505b6d0
SHA1 d7cb08802476b2f29fb94d0526da1a5398528362
SHA256 404f550e809a2d8c3730808ffe4fdef35432af1e396e659ee1bf1e25fa8fdcbf
SHA512 a7e720707b046054eddc1cd9e91b71816bc72283877ff5783203d640620e6bc5a9150c4b0b11042261aceda88b6ebace87d0790ef8b231a0e1ac9e0c22c3635e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1d75750943721749f170213320d1582c
SHA1 2ba27f208f3630bcac00a3a914a82365499fe62e
SHA256 4a7e9e48c994661bf2e2ef2d8f5bfa5f25a098d70d12e0deaa9f3b28afe25f40
SHA512 b7663f0f224db00005098fbbfac7fced4b53eee0d36cea8f0f8d06969634332049337169438ba370791bf59d0b90193e17657875734d25920f79e01cbae90a16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8b195e72bf435acca8ba575c1c18b7ea
SHA1 d2962cdaefd68ae876a54295288878ec151f68db
SHA256 eb3d0fb9937bb3b6b651379b21cfc2fffcbb353b3dbb5016965534c185476ce8
SHA512 6d4f7bc163e65bccc5fc4ea3d63a0fb478b84c0ba6a59000434a956058ff6c1ca6c6e6fec0f5fded1e73ea754442bb15ee81f040d41c578adc9cbae82c4ec4cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 8ab88000edddf999fac4b5d3433f7b68
SHA1 240db399ad5bb2776490e143dde2fcb4c9bae963
SHA256 72c1bec78e11d983ae7003c8039ed4473d0b233c69e140b520a9aad55d0a6c8f
SHA512 a6e3c85789d4b3c8eea0b2d0bc3d5cb18bd6cca7a57f26ec155b48da7e1633b13bb42bb2ff388665c87d1aca40153db2809d296012fef08eca6a2b0e24ee05de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5cf208.TMP

MD5 a94e5956f897d5fd4c60c44ef9069e57
SHA1 55c22d5055cd39de828cc35e61d1d05690364b60
SHA256 9ffc773f341c6192779ac7fce6e212d31f128693a00c813f95e9211b8af3defd
SHA512 d138a11c9d1546f74484829add329d2d2668953bcbf8ad9ca4e0bc1bc6fa9e8d2060d35a750cc16620add7d24f0e30a4fde7edcfda0cea2b4b65aca62bd2a0fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c52e9cb124b015b08eb16aeeaab1550c
SHA1 d519719bfd9006ed58661ff18545f3275e8a4c58
SHA256 94603665d7b8ce409e5248a185f6346bdcfb0288f57dfb160977140b39ffca62
SHA512 970e9a626ea9fc0050a17bf0d076a310d806d383231d02b43ee5fb925417e50367c82f082ea4b89813e93d94a789894fc73b5be1f7f148586e207c58477d0798

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f509668fea0cbb92f4c280b6510c6396
SHA1 1c4495c75788d5db2ce8c97c35088ae8b02b8407
SHA256 9e8ed239e4875bbeba6d55ef11e8e4bddc710ad2c8933ab5980d81679dc7a5a4
SHA512 db2b2d20b6bb040c8da88e26baa4f5230e9cd4e3b5e1518d25e7f5e08901978a4fabbc8ac98f4a104f84262c517dedfa2d3290796086aaa71ad50512a9101340

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 28cbf8a0ae8524f0d49da415c945075d
SHA1 acd57c7c2a3849d919f29154740883414e77fe84
SHA256 d7e69fbec5d698661b4a8d19f1458a5fc551931dbaff5ad2cc7c5ba84d56d8b4
SHA512 0ec67c8b37c420f0b1acd1332a3d9d4b47c514e9261a9fe3f0c829333e068fcd94f9cb03884f15d445207b7485faae7c470720b7543616cbf487739b1bef14fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8d2222b6c17af4aee5282d86e654e98c
SHA1 9d3fbd17a46cb98fcd08d858f602c10746328c02
SHA256 54823f1509eb3c94ddd9f7ef6fbc1723be31078aaaae786ef5d7d3dbff4628ef
SHA512 c2b299cf2ea0d36a5246f111c617bf4f297d91423b6d245b9af06cd8c84fb5dcc4613f5a8eba6a5a70ca32e01c23f87d7e1608d90c180cddc88478d907145297

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2b60f3cff3b1f616561c6af4bd1b5e6b
SHA1 cf7f84382260ca0f005df72a62bd97f0fe3663cb
SHA256 d27d3ffdcc0e2aba99861029550cd92ea1ec5cf7bc5057fe0cabdd9d0a7509ef
SHA512 087f01a7245aee99c61a13a55edf6542258bac38cf2a359c9728d65dde46430d65f27408e506568ced43606897d01df6b80d1470baf8c7cc8408b3e829812a60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 df59829342c69dd79288fe5e2e1ba867
SHA1 d96991d23ddc986fc672306258b1c5effc555260
SHA256 d0dd6f31db9cde2898a5e864d1a531290fdb5d57232a605e16f2991c93bcf288
SHA512 9bcc95242a9f5d8c4a4694f9579814f106e2cffb57ba5b1be23a5ab962a77f35cb740076f3e6571feb1d0dcf03e0bca05d1212a7d39936412e42b625072ed62e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 31209ab26e38e4c32dd65fa41464036a
SHA1 f7a256ef0af5d66424d533d1d2b7755f2af4d2d3
SHA256 7d8813c9b1adae5f72293ac154829d44a09ed5d527df85d85cfeb52c072a0eaa
SHA512 969742289911cabf7c68214afd8a72fe86b9d78bbd430e1b7c305596cf487ab72797287d3b8723d9498bed4a45ed9514b2786829b583d2ac6fda9ab9773ccb12

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 294c28415d0c37ccdca0005f74634b6e
SHA1 5a0381da20621be3ffb74917f8c30ae867e13967
SHA256 6f01b64aaf2b84ad12f04d675f23ccbf8d2cde51bd014b73210256aad1e26a53
SHA512 268bb1e66acc8c9759bf5939328f1f53ddc0d1e24b8261f72fcf994926f849f69f9236937a89c4a3520588e2fb3c54009c7af1cfcebcbcdd28188c9b98f25947

memory/3400-810-0x00007FF781310000-0x00007FF781408000-memory.dmp

memory/3400-811-0x00007FFFDC4D0000-0x00007FFFDC504000-memory.dmp

memory/3400-812-0x00007FFFC25E0000-0x00007FFFC2894000-memory.dmp

memory/3400-813-0x00007FFFC0B70000-0x00007FFFC1C1B000-memory.dmp

memory/3400-814-0x00007FFFC0650000-0x00007FFFC0762000-memory.dmp