Malware Analysis Report

2024-11-16 15:57

Sample ID 240215-xcswqsec47
Target https://github.com/pankoza2-pl/TrashMalwares
Tags
bootkit google evasion persistence phishing spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/pankoza2-pl/TrashMalwares was found to be: Known bad.

Malicious Activity Summary

bootkit google evasion persistence phishing spyware stealer trojan

UAC bypass

Detected google phishing page

Disables RegEdit via registry modification

Manipulates Digital Signatures

Downloads MZ/PE file

Drops file in Drivers directory

Disables Task Manager via registry modification

Loads dropped DLL

Drops startup file

Checks computer location settings

Executes dropped EXE

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Adds Run key to start application

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Drops autorun.inf file

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Delays execution with timeout.exe

System policy modification

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry key

Enumerates system info in registry

Kills process with taskkill

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Runs regedit.exe

Suspicious use of SendNotifyMessage

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Opens file in notepad (likely ransom note)

Runs net.exe

Creates scheduled task(s)

Modifies registry class

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-15 18:42

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-15 18:42

Reported

2024-02-15 18:56

Platform

win10-20240214-en

Max time kernel

782s

Max time network

789s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/TrashMalwares

Signatures

Detected google phishing page

phishing google

Disables Task Manager via registry modification

evasion

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\en-US\fwpkclnt.sys.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\en-US\ndiscap.sys.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\en-US\NdisImPlatform.sys.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\en-US\wfplwfs.sys.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gm.dls C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Windows\SysWOW64\cmd.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\wintrust.dll C:\Windows\SysWOW64\cmd.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe C:\Users\Admin\Downloads\AcidRain.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__tmp_rar_sfx_access_check_240859031 C:\Users\Admin\Downloads\AcidRain.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe C:\Users\Admin\Downloads\AcidRain.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe C:\Users\Admin\Downloads\AcidRain.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hifjdnfejfnejnkdpamzm.vbs C:\Windows\SysWOW64\cmd.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe C:\Users\Admin\Downloads\AcidRain.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe C:\Users\Admin\Downloads\AcidRain.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe C:\Users\Admin\Downloads\AcidRain.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe C:\Users\Admin\Downloads\AcidRain.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe C:\Users\Admin\Downloads\AcidRain.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sodnciwkms.vbs C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\n0rt0nant1ldks.vbs C:\Windows\SysWOW64\cmd.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__tmp_rar_sfx_access_check_240803734 C:\Users\Admin\Downloads\AcidRain.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__tmp_rar_sfx_access_check_240849140 C:\Users\Admin\Downloads\AcidRain.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe C:\Users\Admin\Downloads\AcidRain.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe C:\Users\Admin\Downloads\AcidRain.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\AcidRain.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe N/A
N/A N/A C:\Users\Admin\Downloads\AcidRain.exe N/A
N/A N/A C:\Users\Admin\Downloads\AcidRain.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\x.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\TEMZ.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\PC shaking v4.0.exe N/A
N/A N/A C:\Windows\Media\PCshakingv4.0.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\Dro trojan. Virus prank.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\START.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Killer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Shaking_horizontally.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\R_O_13-27.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Draw_cursor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Error_icons.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Inversion_and_oil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\New_Names.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\NyanCatIsHere.exe" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Windows\WinSxS\AM6528~1.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM9F84~1.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM2B68~1.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM6020~1.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM0683~1.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AMA4BE~1.0_N\Desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM3D76~1.0_N\Desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM4CF3~1.0_N\Desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM690B~1.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM4F04~2.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM7077~1.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM1C0B~1.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM3085~1.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM59AD~2.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM4D7C~1.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM4B40~1.0_N\Desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM4552~1.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AMDE56~1.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM0743~1.0_N\Desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AMDDAD~1.0_N\Desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM9DBE~1.0_N\Desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM63CB~1.0_N\Desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AMD7B5~1.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM0E5E~1.0_N\Desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM11AF~1.0_N\Desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AMD94D~1.0_N\Desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM664C~1.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AMC6FC~1.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM0935~1.0_N\Desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AMA2CB~1.0_N\Desktop.ini C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM7BFB~1.0_N\desktop.ini C:\Windows\SysWOW64\cmd.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A
N/A drive.google.com N/A N/A
N/A drive.google.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe N/A

Drops autorun.inf file

Description Indicator Process Target
File opened for modification C:\Windows\BITLOC~1\autorun.inf C:\Windows\SysWOW64\cmd.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\ncryptprov.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\WINDOW~1\v1.0\Modules\NETWOR~1\NetworkConnectivityStatus.psd1 C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\de-DE\irprops.cpl.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\certmgr.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\es-ES\schedsvc.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\fr-FR\netcfgx.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\it-IT\netiougc.exe.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\packager.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\WLanConn.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\mdminst.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\es-ES\DfrgUI.exe.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\es-ES\WABSyncProvider.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\fdBthProxy.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\es-ES\InfDefaultInstall.exe.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\ja-JP\apphelp.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\ja-JP\capiprovider.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\sfc_os.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\de-DE\wdc.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\appwiz.cpl.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\DaOtpCredentialProvider.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\mountvol.exe.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\de-DE\fidocredprov.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\XInput1_4.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\es-ES\auditpolmsg.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\es-ES\quartz.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\es-ES\twinapi.appcore.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\fr-FR\mscms.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\it-IT\advapi32.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\it-IT\das.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\ro-RO\comctl32.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\activeds.tlb C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\de-DE\vfwwdm32.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\sxstrace.exe.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\iscsicpl.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\es-ES\rasauto.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\ja-JP\mscms.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\WINDOW~1\v1.0\Modules\PSDESI~1\DSCRES~1\MSFT_W~2\en-US\MSFT_WaitForAny.schema.mfl C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\BthTelemetry.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\CPFilters.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\netiougc.exe.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\wshtcpip.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\ja-JP\clusapi.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\ConnectedAccountState.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\fr-FR\doskey.exe.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\fr-FR\explorer.exe.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\fr-FR\joinproviderol.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\it-IT\MbaeApi.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\it-IT\subst.exe.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\KBDTUQ.DLL C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\de-DE\mferror.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\BWContextHandler.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\es-ES\Fondue.exe.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\es-ES\webcheck.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\scrptadm.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\es-ES\pshed.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\ja-JP\faultrep.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\Windows.Media.FaceAnalysis.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\accessibilitycpl.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\AppLockerCSP.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\de-DE\prnntfy.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\en-US\avicap32.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\WINMET~1\Windows.Media.winmd C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\de-DE\rstrui.exe.mui C:\Windows\SysWOW64\cmd.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRA~1\WI7DB9~1\MIAB25~1.0_X\Assets\Preview.scale-200_layoutdir-LTR.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIB685~1.0_X\images\CONTRA~1\HxCalendarMediumTile.scale-400.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI20CB~1.0_X\images\OneNoteAppList.targetsize-32_altform-unplated.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIB685~1.0_X\images\6924_24x24x32.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIB685~1.0_X\images\6924_48x48x32.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIB685~1.0_X\images\CONTRA~2\OutlookMailSmallTile.scale-100.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI97D5~1.SCA\Assets\SECOND~1\DIRECT~1\Work\LTR\WideTile.scale-100.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MICROS~4.0_X\Assets\AppTiles\Weather_BadgeLogo.scale-200.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI20CB~1.0_X\application.manifest C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI20CB~1.0_X\en-us\styles\wefgallerywinrt.css C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIC69C~1.0_X\SkypeApp\Designs\Flags\small\wf_16x11.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI0911~1.0_X\Assets\PhotosStoreLogo.contrast-black.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI7930~1.0_X\Assets\CalculatorAppList.scale-200.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIB685~1.0_X\images\CONTRA~2\HxCalendarAppList.targetsize-20.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIE745~1.0_X\Assets\FILEIC~1\FileLogoExtensions.targetsize-48.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIC69C~1.0_X\SkypeApp\Designs\Flags\large\dm_60x42.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIC69C~1.0_X\SkypeApp\Designs\Flags\large\st_60x42.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI0911~1.0_X\Assets\PhotosAppList.targetsize-36_altform-fullcolor.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI41D1~1.0_X\Assets\AlarmsAppList.contrast-white_targetsize-72_altform-unplated.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIB685~1.0_X\images\2818_48x48x32.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\COMMON~1\MICROS~1\ink\ja-JP\InkObj.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\DELETE~1\MICROS~2.SCA\AppxSignature.p7x C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI20CB~1.0_X\images\CONTRA~2\OneNoteAppList.targetsize-96_altform-unplated.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI97D5~1.SCA\Assets\SECOND~1\Place\WideTile.scale-100.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIE984~1.0_X\Assets\AppTiles\MapsAppList.targetsize-32_altform-unplated.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIEA86~1.0_X\Assets\Themes\Jumbo\jumbo_background.jpg C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIC69C~1.0_X\SkypeApp\Designs\Flags\large\mz_60x42.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIC69C~1.0_X\SkypeApp\Designs\Flags\small\vi_16x11.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI0911~1.0_X\LUMIA~1.VIE\Assets\IconEditMoment.scale-200.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI691C~1.0_X\Assets\CONTRA~1\AppList.targetsize-16_contrast-black.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIC69C~1.0_X\SkypeApp\Designs\EMOTIC~1\large\waiting.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MID550~1.SCA\Assets\SECOND~1\DIRECT~1\Home\LTR\CONTRA~1\LargeTile.scale-125.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\COMMON~1\MICROS~1\ink\it-IT\InputPersonalization.exe.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WINDOW~4\ACCESS~1\wordpad.exe C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MICROS~1.0_X\Assets\MANIFE~1\CONTRA~2\Square310x310Logo.scale-100.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIEA86~1.0_X\Assets\THEMEC~1\ClassicDeck4.jpg C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIEA86~1.0_X\Assets\Themes\Autumn\autumn_13c.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIEA86~1.0_X\Assets\Themes\Beach\beach_12s.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI7C12~1.0_X\Assets\CONTRA~1\WideLogo.scale-100_contrast-black.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIC69C~1.0_X\SkypeApp\Designs\Flags\small\pw_16x11.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIB685~1.0_X\images\CONTRA~1\GenericMailBadge.scale-200.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\COMMON~1\MICROS~1\ink\ja-JP\mshwLatin.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WINDOW~1\ja-JP\EppManifest.dll.mui C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MICROS~4.0_X\Assets\AppTiles\WEATHE~1\30x30\156.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI79E2~1.0_X\Assets\GetStartedAppList.targetsize-64_altform-unplated_contrast-white.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIEA86~1.0_X\Assets\THEMEP~1\Effects\outer glow.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIC69C~1.0_X\SkypeApp\Designs\Flags\large\ch_60x42.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIB685~1.0_X\images\CONTRA~1\GenericMailLargeTile.scale-200.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\COMMON~1\MICROS~1\ink\FSDEFI~1\main\baseAltGr_rtl.xml C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI7930~1.0_X\Assets\CalculatorAppList.targetsize-40_altform-fullcolor.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIB685~1.0_X\images\6486_36x36x32.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI7C12~1.0_X\Assets\AppList.targetsize-32_altform-unplated.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI7C12~1.0_X\Assets\AppList.targetsize-60_altform-unplated.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIC69C~1.0_X\SkypeApp\Designs\Flags\large\bj_60x42.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIB685~1.0_X\images\10191_40x40x32.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MID550~1.SCA\Assets\SECOND~1\DIRECT~1\Work\LTR\WideTile.scale-125.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI06B9~1.SCA\Assets\AppTiles\CONTRA~1\StoreLargeTile.scale-100.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI101B~1.0_X\Assets\AppTiles\CONTRA~2\StoreAppList.scale-200.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI7B67~1.0_X\XBOXAP~1.MOD\sqlite3.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI22BC~1.0_X\Assets\VoiceRecorderAppList.contrast-white_targetsize-36_altform-unplated.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MI7B67~1.0_X\Assets\GamesXboxHubAppList.targetsize-32_altform-unplated_contrast-high.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MICROS~4.0_X\Assets\AppTiles\Spacer\5px.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIE03D~1.0_X\Assets\toast.scale-200.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\PROGRA~1\WI7DB9~1\MIEC84~1.0_X\clrcompression.dll C:\Windows\SysWOW64\cmd.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\WinSxS\MANIFE~2\AM92F3~2.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AM73BD~2.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AMBFA6~2.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AMBC1A~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM072A~2.0_E\ADSNTD~1.MUI C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM5F12~1.0_N\DEFAUL~3.JS C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AM13FA~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM843D~1.0_E\EAPPCF~1.MUI C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AMEF78~2.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AM4FD3~2.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM44A9~1.0_E\IALPSS~1.INF C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AMEE5C~2.0_F\FORFIL~1.MUI C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\FileMaps\$$70EC~1.CDF C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\FileMaps\PRCD36~1.CDF C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AM6FEA~2.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\WO2177~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MS562A~1.0_N\WMSADM~1.DLL C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\IMMERS~1\Settings\AAA_SettingsPageCortanaNotifications.settingcontent-ms C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\INFUSE~1\Packages\MIB685~1.0_X\images\HxMailMediumTile.scale-125.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM5C7A~1.0_N\storvsc.sys C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM73A8~1.0_N\Amd64\CNB_0398.GPD C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM11E2~3.0_N\deCP6.gpd C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AMC3D7~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\Backup\AM042B~1.MUI C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\X81C3A~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SYSTEM~1\MICROS~1.MIC\ja-JP\assets\ERRORP~1\needhvsi.html C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AMFA13~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MS7608~1.0_E\MICROS~1.DLL C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AMD22E~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AM4D34~3.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\X8BCFC~2.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MS5FD7~1.170\SYSTEM~1.DLL C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM5F98~2.0_N\WEB_LO~1.DEF C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\Backup\WOC895~1.DLL C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AM013D~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM8170~1.0_F\CDPSVC~1.MUI C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM14C4~1.0_F\FFUPRO~1.MUI C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AM3086~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AMD91F~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\Fonts\georgiai.ttf C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\INFUSE~1\Packages\MIB685~1.0_X\images\CONTRA~1\HxA-Google.scale-300.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\INFUSE~1\Packages\MI06B9~1.SCA\Assets\AppTiles\CONTRA~2\StoreMedTile.scale-100.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM34C8~1.0_N\ED913D~1.XRM C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AM150B~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AM8735~2.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\X8C5A8~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM8FBF~1.0_N\smalle.fon C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM5365~1.0_E\MSSMBI~1.INF C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\Backup\AM821B~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM1BE5~1.0_N\redirect.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM2A39~1.0_E\CSCSVC~1.MUI C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AM029D~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\WO8759~2.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\INF\mdmdf56f.inf C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SERVIC~1\Packages\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM2077~1.0_F\BOOTST~1.MUI C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AME157~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AMA07F~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\MSE8A9~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\INFUSE~1\Packages\MIAB71~1.SCA\Assets\WINDOW~1\WindowsCameraWideTile.scale-125.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\INFUSE~1\Packages\MID550~1.SCA\Assets\SECOND~1\COLLEC~1\SmallTile.scale-125.png C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\MANIFE~2\AM0ACC~1.MAN C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AMF8B9~1.0_E\C_APO~1.INF C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\WinSxS\AM0A8B~1.0_N\netr28ux.sys C:\Windows\SysWOW64\cmd.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133524961991336145" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Japanese Phone Converter" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "1" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Adult" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 205791d2e968da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%SystemDrive%\\Data\\SharedData\\Speech_OneCore\\Engines\\TTS\\fr-FR" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates\A0533 = 0f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c61800000001000000100000002fe1f70bb05d7c92335bc5e05b984da65c000000010000000400000000080000190000000100000010000000f044424c506513d62804c04f719403f9030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a405040000000100000010000000e829e65d7c4307d6fbc13c179e037a3620000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2f2da2933f60da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "409" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "You have selected %1 as the default voice." C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = 7e122c149aaa93b13838083a2eb340f90acc75e3fe8c64632da049ee241e1016 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.cortana C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Hongyu Mobile" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates\A0533 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\VoiceActivation_en-US.dat" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Ana Mobile - Spanish (Spain)" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mega.nz\ = "65" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\TTS\\it-it\\M1040ElsaV2" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%SystemDrive%\\Data\\SharedData\\Speech_OneCore\\Engines\\TTS\\es-MX" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "German Phone Converter" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\TTS\\pt-BR\\MSTTSLocptBR.dat" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2e0c2d9a3f60da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{C6FABB24-E332-46FB-BC91-FF331B2D51F0}" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%SystemDrive%\\Data\\SharedData\\Speech_OneCore\\Engines\\TTS\\en-US" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "414184877" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Runs net.exe

Runs regedit.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\TEMZ.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4448 wrote to memory of 808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 5084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 5084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/TrashMalwares

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcd89e9758,0x7ffcd89e9768,0x7ffcd89e9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3572 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2148 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5356 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4996 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5636 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5584 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\ReadMe!.txt

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\SuS.jpg" /ForceBootstrapPaint3D

C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe"

C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe

"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5180 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:2

C:\Windows\system32\notepad.exe

"C:\Windows\system32\notepad.exe"

C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe

"C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe"

C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe

"C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe"

C:\Users\Admin\Downloads\AcidRain.exe

"C:\Users\Admin\Downloads\AcidRain.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Windows Update" /ru SYSTEM /SC ONSTART /TR "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\61B9.tmp\Acid Rain.bat" "

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SysWOW64\reg.exe

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f

C:\Windows\SysWOW64\timeout.exe

Timeout 1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\net.exe

net user Admin 888Z.QrK2T!ZDshw5jZ.QrK2T!ZDshw5jRR

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 user Admin 888Z.QrK2T!ZDshw5jZ.QrK2T!ZDshw5jRR

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\timeout.exe

Timeout 1

C:\Windows\SysWOW64\net.exe

net stop wuauserv

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop wuauserv

C:\Windows\SysWOW64\timeout.exe

Timeout 1

C:\Windows\SysWOW64\reg.exe

REG add HKCU\Software\Policies\Microsoft\Windows\System /f /v DisableCMD /t REG_DWORD /d 00000002

C:\Windows\SysWOW64\timeout.exe

Timeout 50

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcd89e9758,0x7ffcd89e9768,0x7ffcd89e9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4316 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4996 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\Downloads\AcidRain.exe

"C:\Users\Admin\Downloads\AcidRain.exe"

C:\Users\Admin\Downloads\AcidRain.exe

"C:\Users\Admin\Downloads\AcidRain.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sodnciwkms.vbs"

C:\Windows\SysWOW64\timeout.exe

Timeout 65

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

C:\Windows\SysWOW64\mspaint.exe

mspaint

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\timeout.exe

Timeout 5

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\mspaint.exe

mspaint

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\timeout.exe

Timeout 5

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\n0rt0nant1ldks.vbs"

C:\Windows\SysWOW64\timeout.exe

Timeout 5

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\timeout.exe

Timeout 5

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hifjdnfejfnejnkdpamzm.vbs"

C:\Windows\SysWOW64\timeout.exe

Timeout 55

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2196 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5092 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5176 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6016 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5888 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Users\Admin\Downloads\x.exe

"C:\Users\Admin\Downloads\x.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\is64.bat" "

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4360 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4532 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5916 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5864 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Users\Admin\Downloads\TEMZ.exe

"C:\Users\Admin\Downloads\TEMZ.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x300

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#125 S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5804 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=1748 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1480 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5484 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6116 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6252 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Users\Admin\Downloads\PC shaking v4.0.exe

"C:\Users\Admin\Downloads\PC shaking v4.0.exe"

C:\Windows\Media\PCshakingv4.0.exe

"C:\Windows\Media\PCshakingv4.0.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6652 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6552 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4548 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6628 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8

C:\Users\Admin\Downloads\Dro trojan. Virus prank.exe

"C:\Users\Admin\Downloads\Dro trojan. Virus prank.exe"

C:\Users\Admin\AppData\Local\Temp\START.exe

"C:\Users\Admin\AppData\Local\Temp\START.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ZbDz.vbs"

C:\Users\Admin\AppData\Local\Temp\Killer.exe

"C:\Users\Admin\AppData\Local\Temp\Killer.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZbDz.bat" "

C:\Windows\SysWOW64\reg.exe

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /f /v "DisableTaskMgr" /t REG_DWORD /d 1

C:\Windows\SysWOW64\taskkill.exe

taskkill /IM Taskmgr.exe /F

C:\Windows\SysWOW64\taskkill.exe

taskkill /IM Taskmgr.exe /F

C:\Windows\SysWOW64\taskkill.exe

taskkill /IM Taskmgr.exe /F

C:\Windows\SysWOW64\taskkill.exe

taskkill /IM Taskmgr.exe /F

C:\Windows\SysWOW64\taskkill.exe

taskkill /IM Taskmgr.exe /F

C:\Windows\SysWOW64\reg.exe

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /f /v "DisableTaskMgr" /t REG_DWORD /d 1

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Collapse_all.js"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SHK.vbs"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SHK.bat" "

C:\Users\Admin\AppData\Local\Temp\Shaking_horizontally.exe

Shaking_horizontally.exe

C:\Windows\SysWOW64\timeout.exe

timeout /t 1

C:\Windows\SysWOW64\taskkill.exe

taskkill /IM Shaking_horizontally.exe /F

C:\Users\Admin\AppData\Local\Temp\R_O_13-27.exe

"C:\Users\Admin\AppData\Local\Temp\R_O_13-27.exe"

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\OptionalFeatures.exe

"C:\Windows\system32\OptionalFeatures.exe"

C:\Users\Admin\AppData\Local\Temp\Draw_cursor.exe

"C:\Users\Admin\AppData\Local\Temp\Draw_cursor.exe"

C:\Users\Admin\AppData\Local\Temp\Error_icons.exe

"C:\Users\Admin\AppData\Local\Temp\Error_icons.exe"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Users\Admin\AppData\Local\Temp\Inversion_and_oil.exe

"C:\Users\Admin\AppData\Local\Temp\Inversion_and_oil.exe"

C:\Users\Admin\AppData\Local\Temp\New_Names.exe

"C:\Users\Admin\AppData\Local\Temp\New_Names.exe"

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0 /state0:0xa3a5b055 /state1:0x41c64e6d

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 api.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 5.121.82.140.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 3.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 6.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 26.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 185.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.145.5:443 mega.nz tcp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 5.145.216.31.in-addr.arpa udp
US 8.8.8.8:53 201.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 32.169.19.2.in-addr.arpa udp
LU 31.216.145.5:443 mega.nz tcp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 eu.static.mega.co.nz udp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 11.127.203.66.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
LU 31.216.145.5:443 mega.nz tcp
LU 31.216.145.5:443 mega.nz tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.128.143:443 www.bing.com tcp
GB 92.123.128.143:443 www.bing.com tcp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 217.1.37.23.in-addr.arpa udp
US 8.8.8.8:53 143.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.thisworldthesedays.com udp
US 64.91.240.248:443 www.thisworldthesedays.com tcp
US 64.91.240.248:443 www.thisworldthesedays.com tcp
US 8.8.8.8:53 248.240.91.64.in-addr.arpa udp
US 8.8.8.8:53 193.179.17.96.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 ww1.thisworldthesedays.com udp
DE 64.190.63.136:80 ww1.thisworldthesedays.com tcp
DE 64.190.63.136:80 ww1.thisworldthesedays.com tcp
US 8.8.8.8:53 136.63.190.64.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
DE 64.190.63.136:80 ww1.thisworldthesedays.com tcp
DE 64.190.63.136:80 ww1.thisworldthesedays.com tcp
US 8.8.8.8:53 drive.google.com udp
GB 172.217.169.46:443 drive.google.com tcp
GB 172.217.169.46:443 drive.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 ogs.google.com udp
GB 172.217.16.238:443 ogs.google.com tcp
GB 172.217.16.238:443 ogs.google.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.14:443 apis.google.com tcp
GB 172.217.169.14:443 apis.google.com tcp
GB 216.58.212.195:443 ssl.gstatic.com tcp
GB 216.58.212.195:443 ssl.gstatic.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 216.58.212.195:443 ssl.gstatic.com tcp
GB 216.58.212.195:443 ssl.gstatic.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 content.googleapis.com udp
GB 142.250.187.202:443 content.googleapis.com tcp
GB 142.250.187.202:443 content.googleapis.com tcp
US 8.8.8.8:53 blobcomments-pa.clients6.google.com udp
GB 172.217.169.74:443 blobcomments-pa.clients6.google.com tcp
GB 172.217.169.74:443 blobcomments-pa.clients6.google.com tcp
US 8.8.8.8:53 drive-thirdparty.googleusercontent.com udp
GB 216.58.201.97:443 drive-thirdparty.googleusercontent.com tcp
GB 216.58.201.97:443 drive-thirdparty.googleusercontent.com tcp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.22:443 collector.github.com tcp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
DE 140.82.121.6:443 api.github.com tcp
GB 216.58.212.195:443 ssl.gstatic.com tcp
GB 216.58.212.195:443 ssl.gstatic.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
GB 216.58.212.195:443 ssl.gstatic.com tcp
GB 216.58.212.195:443 ssl.gstatic.com tcp
GB 216.58.212.195:443 ssl.gstatic.com tcp
GB 216.58.212.195:443 ssl.gstatic.com tcp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 dbd5bc5b4fc0483c7df2c809cffb3e38
SHA1 696bdd99b43b963fc8285c4fe37ea63d26a10ebd
SHA256 e958b99741ba282948f99259953c231ac69b2f3fd89f2ec6af793b739c0fa004
SHA512 795bedd4a92fe8b57436afa2af7f42148e64bb420cc1b9fc40a2d46a9e4420a65546dcf7c3014afa60db5314ba81e76cd40be2a413a3f297244890ce957504ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e6842976d84c2a636231d860e29711a4
SHA1 566972663fc16d65c192b9b7ef37598a83e02074
SHA256 cca14c3cafde620c444c75d00829a3aa60c1783b374371543eb85a101eecd7c0
SHA512 1e00b403ff46e25f6e3357676aadd183f68ead0977dddd7bd73e47acddce30dc5c6efc7601e22496bb84d3ba3f422011055c836f8f7e93ab221b85b643ee9499

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0c2ebb004f315a54bc1f2bebd5c95593
SHA1 2e5288c665c926835f2129640d39688bfe09bd3e
SHA256 d76b4669340b89afe830d55f1447f7922327e7878a653bcb53383e44b9348c84
SHA512 6c437176db474529f4bfff16101f5eef4130c9c7bc9445e9ec1b6e43fc3f47f213823486766b12feb8b52e4c7bca5abb79b2505e15b98da7208144b97b298c37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8eedad140da3558bef6c60a9ba3bca41
SHA1 de6c0c6c8e48ad5562a4fcd0d83d9ab16ccb4f66
SHA256 bcfd2995110b75df00c7206ce88722eb810061afd252caa77bd147a12b46c98e
SHA512 1a5345ac13972a88dc340fae998f1dd5554cf033964fa4607d856a0cd1cea5769b76a76c97289a4ad47b7107ed9997b0fb824c32eed0387bffde6071a329ab48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e87c74356ab0814b06184ce9e7ab58a4
SHA1 cec8b4f84a1cbefe42a618c7d58236ef4c57496c
SHA256 17f853dbd26203970c7dc35d12918817c9885968d940d2218c15b0b5cce56845
SHA512 6d5ab7c7e9a84c29f1a4786ee855671f6f7f8cced2ba29b8c49c2c046c0ca9aa316ce18a8cfd7663d558f2b78cb13f58c2da78cbc37001a6f527e12530f156dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aabf4e80da33cfc938eb80184c489b59
SHA1 0b535631dc8667e86af5d7386c9e0900a3b640a0
SHA256 21234265a0e19a5d47bf2a9fd48bf181ef1ae34320cd2c42e72782443ba83ccd
SHA512 b661d255d1f8bd4e75dbc8fc9a490192491c410c00f18a9740c847e9c52f724027a0c54b98345bbfb3a84c8ceb5de0acb8b7ae7f303806315056ead8da413ae1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a91c8171349946640d309bb0289c1cd8
SHA1 5404be72979b67bea9954f1e2fa449e5c6ddcf4b
SHA256 b7e1f5f11cdc20a6652a4fc481431778c921dd094148c947ee48ef877ee07d36
SHA512 1ad3b39ab1d8312a9f85850f193b2a17c249c7281c49a48c29c0dcdf86899609e254c4d1ad77333374a19ea740ca6ff59c82b3695072f8f4d8f6e764ca9ec1d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7f3fbc822563b318b6a890a7397a6660
SHA1 f45fcac37fe8d4f8575dae97d012c60d2baa42ae
SHA256 4c6280d30badf3de4c592c46238f2148156aef528e459a716d4c6435b9ffffac
SHA512 a35ca0a3cd29837bd46dabd922167f1af2b6e3b8767029d0eb1c5cf3c1fc91ef2e55f04a6b05392d74270dcb5db0326b5a909206406109d36da47a6d5f536cab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b9917a9ba4da2ef8b451de5ea688acca
SHA1 12d6a6e85dcc979308f6f9944e2cfee28ce9b7ec
SHA256 44a722ff3c7842dd8daa6d6a84e824e5fce2c96cecf8ba03cdad29623000de9a
SHA512 640ee061a485ed2dbb2aea4765804cd484115bef1017b4f63af7064b91ad638e00af0104aa631852bcb05603bfd780d0e6d2ab01441e73b8325326814946ee48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b38fbfc76d09c2f4921030aa2a0e5d88
SHA1 b7b112c399540663b016ddab4ff008f3d196ac6c
SHA256 4361469d829c9e9b0276b17e8b620db84b25383ffc146fff4d02f691096f3484
SHA512 b854897a229b8c542177cd277b6201efe0676e2942838d5baab3b4b7758dc75f1db61fff01515988c0c6d0c40c8db3db00fe6a00249359b9ca15237cc1cb9683

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

MD5 8b9eacf27d8cc019f76ef3af98561bf0
SHA1 fc122ef4d3e67cd96a9af327ae2bad8ae86ea21a
SHA256 cd0630f5382ed34c83c05f228320cd7164afb42fc70a2b2c101a4fe212f64329
SHA512 b11ae48db37d2ba9a0e5026ee6d50d3b5deb4b38395af3ca4743a0f6aaa39ae1d84f348b4175901dabda05cb50524c2c25950848f89db5829346c1e281113e6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 bcf8a9566c19c82f4bdb43f53a912bab
SHA1 aedbcfb45eed11b7ad362b53ff32bacec9f932ee
SHA256 52c97dd2602b4d9ac70b61c3dd9b0f9869c5c211e2a4b52e94eda5e150349ae7
SHA512 cfec8603b3eecc261735ddb3d9f292f47e5e34761d73c33b8a1fa1efcf8e07b9b5595a28eac3b238842cf1f63a155b0376840f42ab22ad3186390bcfbc62adfb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 1570abcb0b7f274a02f4aa39a18aff63
SHA1 87d392d2f1c89a2ab2672e495d1198b34e81fceb
SHA256 cfcea4b88ddd288925d0a6b6a2b62f44b27160c6f55d5dcfaf293a3eb45f53f9
SHA512 5aece76ee3a8a734404be76f2feffa30d4bc1c618a3ff4c8ca8244e6ccee2886599a095b6578be10d8da2810934e8e255658c90c22da35f0354617c9ad08b2af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 8b2813296f6e3577e9ac2eb518ac437e
SHA1 6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86
SHA256 befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d
SHA512 a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 4b4947c20d0989be322a003596b94bdc
SHA1 f24db7a83eb52ecbd99c35c2af513e85a5a06dda
SHA256 96f697d16fbe496e4575cd5f655c0edb07b3f737c2f03de8c9dda54e635b3180
SHA512 2a3443e18051b7c830517143482bf6bffd54725935e37ee58d6464fac52d3ce29c6a85fc842b306feaa49e424ba6086942fc3f0fea8bb28e7495070a38ce2e59

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

MD5 657ed1b9ac0c74717ea560e6c23eae3e
SHA1 6d20c145f3aff13693c61aaac2efbc93066476ef
SHA256 ff95275ab9f5eadda334244325d601245c05592144758c1015d67554af125570
SHA512 60b6682071ade61ae76eed2fe8fa702963c04261bd179c29eed391184d40dc376136d3346b3809b05c44fb59f31b0e9ab95f1e6b19e735234d1f0613720e532f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 063fe934b18300c766e7279114db4b67
SHA1 d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd
SHA256 8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e
SHA512 9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 2f3c7b5f9221520efbdb40dc21658819
SHA1 df12f010d51fe1214d9aca86b0b95fa5832af5fd
SHA256 3ba36c441b5843537507d844eca311044121e3bb7a5a60492a71828c183b9e99
SHA512 d9ed3dccd44e05a7fde2b48c8428057345022a3bcea32b5bdd42b1595e7d6d55f2018a2d444e82380b887726377ab68fa119027c24ac1dadc50d7918cc123d7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 33f6827683553c84560411d0309998e8
SHA1 ed17cbfa1593734614a73176f1dbc6c0696c8820
SHA256 2f590a0ba1fb67f7ce58d450831244feda8facff5293b843652fde3b8cbcba7e
SHA512 7b9cd0a2c64d457de6132cdb7528b0621c2111a4bbfc94f122a13b337ef395bd8c0e77c33e2752e8afe0903ae2f3cb96fe7d989c367389a5e0ea18bc15a661be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 ca65cdb2a03fa4ff134ecdda6fa5acf4
SHA1 5b12dcdc6bb954a12c80991dd22ff676e2fc80c3
SHA256 77edcec9f93c27596fdce017ec5c4cea903f1d35b78f1db4d9f8dd38bc9f4cd4
SHA512 9f1c0544ec1183be027dcc974d3956ceaf7855718534521d2df4aff79e0eaca74cb4e3acf39d06e6fbf7efd1739dbfbd8aec5e7c25459a8e8d62633295037808

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 7681ba6e447706935c297d6ae7707970
SHA1 339523c7e340104c221fa3793a5cbdd982dfe1bb
SHA256 0d07386726f7dad947874420c79bce200df31e58799b776c30cc40880bf02be5
SHA512 f903179d6b55ffe2151cde85b05a9f95dc55791287957c239a16e92fef8146cfd36cc36148c8c0636e171e36052a5f81c0e7fec0f7a9d628a8f041a0714e8afa

C:\Users\Admin\Downloads\VbucksGen.zip.zip.crdownload

MD5 f1adcee21b57d3b6b7b2c361cbb37482
SHA1 6eb21cfa42c6669cd7a0b33fa78ac283879910a1
SHA256 c91f093ca512ab2f4e6a4da997afb3ebd6c673b8bd4ee24d03248e6eb5691591
SHA512 2a085cd3db1a0ef9c693091784300093fc23fcc202c9040f9d681946a1f1bf2853ef00271c2c1b08fed90d3c189ebb042b74a7f40cd6b551129649184c0dbe0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c842520e2968c9157a18949e92c9ddc1
SHA1 5dbd99b5ac5b0db7550ff441d240ec1c792ce23e
SHA256 5ae7b5ae33c36f4bb323d62b6e67cb6401c08133bdbdc12acd1c5cc8f27d52bf
SHA512 8951b08c40b319ee65b924dd01c69f4579e67da4b89e93232816eb5509a67f963313ad6e37c2b96e5020fada3b0eaaf39d6bcbeda4acb1e90ccdfa39176e7134

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a55897765e62164ec651cf2ee8b6690b
SHA1 ef2b977803669b84cb9c0aa7453d05ce0551c813
SHA256 c48dd727d3c8f015dcb759b01943309588129d28d5945b069c426cd841d5ec65
SHA512 0a2fd1a48d1984e8c80d80b9301b74850acae71753b47ad209d7ce57aa55ccbfad8d5a435df8b3be5df979c4f44656681484a053a235021ac3f008a6fec3a69e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ad51ec07529fe997f0b6b98adaf34b15
SHA1 a0781b8ffcba64122a7ecd43d8793d96b01449fe
SHA256 e2f3869cc66ca35f5aa171713c086a40b3b7096a62905b2e1ee66593e9136067
SHA512 b298fa8cb041302179e508ad2192b5eb34a637b0a032cf665e401b16d7f040fa26f1e26d20ed765eebb468c942d5e4fb8dbc15d8a8b86ec17d1e810bbd1dc7e9

C:\Users\Admin\Downloads\AcidRain.exe

MD5 ca7d220a719d83aa0dd379dd2c31037a
SHA1 88518880ee68f2b108a99449da73ec92b5e3658a
SHA256 fa9189d2c7408a9f3bcb0af1be7f00ba71af5014a8bca0986eb11a891fa6c8b5
SHA512 eee05cd53f4f5edf6c6929a294284473c39b8193b211a3165333ed65c38ea4e9d5cc6a8e1a1ae2bb38652e83bc7d2ad20fa6d38f8cdbf3a94a7a10fb6358af78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c1bdd1c25393b2ef0ac2f1f8ec9d0a10
SHA1 25c96b389ba9e69463eef41ca2da718d045b9411
SHA256 7976150741fc4cedd640246836556844bab3b3facbd21a246ee8fa7d89e958f9
SHA512 51b7deb2b439e317b19bcf45c1a07e475ddc762fd2c4da8861b92336d856bff596fd62b65329a76e28888d4a128376fcc5d1e4e138bc937661253dca97f6d061

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 74d501bbbd4abc2f7d9875ade36aa3fd
SHA1 b388d991a2bad94b8bfead1d3395785306822158
SHA256 bd9e61c91474199e4630c065e4e9c96a931f0d26aaca170068b1f206614114d9
SHA512 c9725ef46e0b15436acc9e6f5002d65738b666ee50e60c38ef17b7d687ac2cfd981c3f828c768c5f1a569ad36758a232cbed4dad440d136bf6688bca78b69785

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe593781.TMP

MD5 7cb12550cde65595a7e3c06b49bb26c0
SHA1 71971f61dc97ce2e8010ea5f42bce500518d4497
SHA256 7b15f7154b63adc0009090d713a3506f0018cc8550ed3bb0b8a3a6617d16d1b5
SHA512 ef837de726091d38b6a07c94f0c9d70cd32b4fc0c5106862c73fd1838d5abef9535b5a10d81f9ead562d84d1d768fb54a264f4f76a4d65765cdb71063c57d276

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5fc2bae88665fd12c6b9f1bb0c3a6194
SHA1 684975ec796c3f989e4207d7a199dbe508963ec7
SHA256 c59811bfd90dc1da4895100694fa9d20cfb577d0a3b5efcdd820e5aeee97ba1b
SHA512 7b7b0c0161064f92a9c538b8815ab8a9a05f66fde9b559b93a23e045696c83abe980b6d763a9f4b801c51e7fe48e4cc2ae29d569fd27a147d0e5eb6f80ef9ff6

C:\Users\Admin\AppData\Local\Temp\_MEI39762\python39.dll

MD5 c854f4f8043c0b1de729b710e5f17f66
SHA1 edcb4fac70cf566de57cb36caec50c169c624a4f
SHA256 e95789b50ea39940fdea554394aa254b9d5ef8254ea55237c42f575e8d724612
SHA512 ceeca4deab147c21102c70733efad8614ba801fb814c22d7c7ed07acd678d3d8c1eae4e1cd41c9d2b74020f175f17dc1c613089ea3e4624530e701be793baafe

\Users\Admin\AppData\Local\Temp\_MEI39762\python39.dll

MD5 66f97b811b0fd8b0c07f61c374f754e3
SHA1 673235ca2728540c8ca38e336fea8d7966f3acbf
SHA256 74dc99c4fed18dc414e7d40170e04bf01ee19a6b6d60690ccdc90af12b5bf9a8
SHA512 08497397438389da86a08b98e8d7845d2e33715b9ae69db10850f0a40310ffdde3c7785abf09958ddd9ccdb45bcb30b84d0b2d93a8c6925a7d9fb80b39f7297d

\Users\Admin\AppData\Local\Temp\_MEI39762\VCRUNTIME140.dll

MD5 a523e9cec26729156ee179928bc0ffef
SHA1 c98f10709fecd28426574862dd20462910b28344
SHA256 5873918035d2b4c1073db7f1157fbf13fa558e86069dfc813660b03f08743077
SHA512 a9763d0f6d6f7455c079a20ac3db3bf6c53b2ba2beaf09f8393ce8320f5e27cff842096f81da4b39a7187cb7e75e90b22a75491f201ce638cbe904f6354f9ea0

C:\Users\Admin\AppData\Local\Temp\_MEI39762\base_library.zip

MD5 c418f66c0ab1a7b1d575a62b2b3a00d0
SHA1 c5bfb86f053c4ddc11a81f674587848f0b6749c6
SHA256 870945def4729239e020f6e1dba94c046d470129faf6a0f3ddffbf5ac5b31d1e
SHA512 8ecc87bd1afd8bcbcbfe0051ad234cc2624f782fad87d5453668235f03c11e5b8baabbd05f459456def54e5ee1c695b1ff25cceb53c0cb5475156889e03828d0

C:\Users\Admin\AppData\Local\Temp\_MEI39762\VCRUNTIME140.dll

MD5 a87575e7cf8967e481241f13940ee4f7
SHA1 879098b8a353a39e16c79e6479195d43ce98629e
SHA256 ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e
SHA512 e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

C:\Users\Admin\AppData\Local\Temp\_MEI39762\_ctypes.pyd

MD5 22cf43eaca1f0745896ccd7e8910f9e4
SHA1 3df4d9f7386a044943fdcea6665acc0a13ed9fce
SHA256 aaf9f6487b618aeb15dfe7d77b3f0d58185718fd68631323e56392ddef1d000f
SHA512 2e6d1cfabda0f617cd3acef0a9255e4c56868e66a7545a36f2da441ea27a40a45450887a48e0164a542fec1d6ae59f2933c2b6d95a4ea5cf4d2c249a3e886e10

C:\Users\Admin\AppData\Local\Temp\_MEI39762\_tkinter.pyd

MD5 5be1bd3100cae4bef967b2156aa7d0e1
SHA1 51148ffb21eeb2e1b1bd01a7e6a3e09719725a7e
SHA256 704d032d9a65b92a8997dffbdf19b945360f8b5b2608f95452d163ad7992dfdd
SHA512 38aaf6802bfb6525b02d0dfd03c79d0fd441b2d52c662d30ea4f57b948f55403c18ef98ac51d504ca0384c07e8b91b2d0edebc4dc98a6b6030ccc5116a28ee13

\Users\Admin\AppData\Local\Temp\_MEI39762\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI39762\tk86t.dll

MD5 4b6270a72579b38c1cc83f240fb08360
SHA1 1a161a014f57fe8aa2fadaab7bc4f9faaac368de
SHA256 cd2f60075064dfc2e65c88b239a970cb4bd07cb3eec7cc26fb1bf978d4356b08
SHA512 0c81434d8c205892bba8a4c93ff8fc011fb8cfb72cfec172cf69093651b86fd9837050bd0636315840290b28af83e557f2205a03e5c344239356874fce0c72b9

C:\Users\Admin\AppData\Local\Temp\_MEI39762\tcl86t.dll

MD5 75909678c6a79ca2ca780a1ceb00232e
SHA1 39ddbeb1c288335abe910a5011d7034345425f7d
SHA256 fbfd065f861ec0a90dd513bc209c56bbc23c54d2839964a0ec2df95848af7860
SHA512 91689413826d3b2e13fc7f579a71b676547bc4c06d2bb100b4168def12ab09b65359d1612b31a15d21cb55147bbab4934e6711351a0440c1533fb94fe53313bf

C:\Users\Admin\AppData\Local\Temp\_MEI39762\tcl\encoding\cp1252.enc

MD5 e9117326c06fee02c478027cb625c7d8
SHA1 2ed4092d573289925a5b71625cf43cc82b901daf
SHA256 741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e
SHA512 d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

C:\Users\Admin\AppData\Local\Temp\_MEI39762\_socket.pyd

MD5 ac90b2535025c3d2d88632591b619b73
SHA1 eee7a2803412a7bb362bd64cba378cfb5808d42b
SHA256 ed1d6e0aa8237e491dde3c3fdfa6f4df35585eadf4716473f98aa86aa0a910d9
SHA512 5fa573e3e2f712925cfc48ec5809493ef43db5c6694d2e244bebe6b9d2ceecfa5979619730321fd2a88ad59bbd5eb2b70672045e5062748ecd53fd216d116202

\Users\Admin\AppData\Local\Temp\_MEI39762\select.pyd

MD5 0906200f02e2ee5eb3da08a64f10a69e
SHA1 5afcb2cc53a6d8ca85d1fe51389632b8b84d5194
SHA256 fb4fa3aed7a7955d4f78a3fbc2a6e6e1ab8d9e3768bb8b3f3a85866d1f2d74d5
SHA512 b69e9f7fdd77f776acd056cc8a2d8b34da76e1f30a50117b9aa6bf467a9ce7178407fc6b5e2126c0eea6f995ffa8ae94f92e0632c566fc39bab29ff278193cbc

C:\Users\Admin\AppData\Local\Temp\_MEI39762\_ssl.pyd

MD5 e7d8bbca8b419f220c8cd81b285cb4ae
SHA1 c83d4e44704d46ddafb186526666bcf37aa927ea
SHA256 5e54983cb975784a358b2a02738d9db1296e0ab7aee1503277d3fdd8cf43e41c
SHA512 628107783757d52efdedd0a13ecbc9ef4c6422916104716c7dcb62bcb5beb735ca30ff990dee2916f752c4a643438c464cd6f5fb63c1366060a8b9ec52c45dbd

C:\Users\Admin\AppData\Local\Temp\_MEI39762\libcrypto-1_1.dll

MD5 63c756d74c729d6d24da2b8ef596a391
SHA1 7610bb1cbf7a7fdb2246be55d8601af5f1e28a00
SHA256 17d0f4c13c213d261427ee186545b13ef0c67a99fe7ad12cd4d7c9ec83034ac8
SHA512 d9cf045bb1b6379dd44f49405cb34acf8570aed88b684d0ab83af571d43a0d8df46d43460d3229098bd767dd6e0ef1d8d48bc90b9040a43b5469cef7177416a2

C:\Users\Admin\AppData\Local\Temp\_MEI39762\libssl-1_1.dll

MD5 86556da811797c5e168135360acac6f2
SHA1 42d868fc25c490db60030ef77fba768374e7fe03
SHA256 a594fc6fa4851b3095279f6dc668272ee975e7e03b850da4945f49578abe48cb
SHA512 4ba4d6bfff563a3f9c139393da05321db160f5ae8340e17b82f46bcaf30cbcc828b2fc4a4f86080e4826f0048355118ef21a533def5e4c9d2496b98951344690

C:\Users\Admin\AppData\Local\Temp\_MEI39762\_hashlib.pyd

MD5 96bdc361b3127f01eefbf0b54dc2813a
SHA1 f5900e228f6ccd1fe44a99a23cd27e6a71d2d88b
SHA256 95760d2f49b695cb0dc03720e2cdce34d1215285023f2bb7690f268e434c7871
SHA512 6a9a481d130eef5a98b5d2b40ddca1d7aa83d7abb255368f3fdca85c395b0cd0711765143a6ec8f14696599cfd4876375449272f013969a59e7f26618a730b36

\Users\Admin\AppData\Local\Temp\_MEI39762\_queue.pyd

MD5 aac0035f5b5868a3e92df59f19e00773
SHA1 b3215c188385010af8519af0a66b9075644c4760
SHA256 1ff1c01be25fd6797b263474c1c8df45107796a7e4d465e32a908d572d647b64
SHA512 a65975f3a1af79653a728aea801bc79de2274efcb5965f6433856c80f5584d16b46e339268068a3d5ca93216f0f3d81c7e79ac5a4eef2928dfeae0ed156d0b15

C:\Users\Admin\AppData\Local\Temp\_MEI39762\unicodedata.pyd

MD5 814d6938da8e46d79b64326aa967a1a0
SHA1 6d020c9ca51d7d4e77c197f5394d7e157482cea3
SHA256 4059acb95b05b4536c983ebd232dc5aec00828914e61f31674b0fdf41656deb6
SHA512 f286b6e813bcd3ee9aad25f804689e3e8bbe13a41bb5715e49bcc1dc7ccae2f0c7595dbaabad806fea65825952e5e31d32ac9b31e583bf4b7cdf716ae6fa08d1

\Users\Admin\AppData\Local\Temp\_MEI39762\unicodedata.pyd

MD5 8ce63e46ae9f75f9165af19630d7babc
SHA1 10b9155638b1d9ab707db6b7da8fb2b22001c121
SHA256 4ea4984dc09b0a99c2a5c8b6b08aec9951ec1ba69036c86a6529017330827a58
SHA512 80befb4b571b3e19d6cf0909b3fa7523738fd886255740e0301b8a7517cb7518f740d14521278d47e3f4f5bdfe4b77f7cff321b5c982f6f82bfd26427edfae71

C:\Users\Admin\AppData\Local\Temp\_MEI39762\_bz2.pyd

MD5 c013236b137b64ff2f30dc0c2af56084
SHA1 3d600c348794b3116c0d3230a40672be350142f7
SHA256 c435022d2cc868e26cde10e7749862ee8a177fced3289d49c3bc33af0c949d3f
SHA512 8fc14cafc32331af3f04257ea38d562d419c2c8c89ccaa8ace51593e708ec9cb27d9e1bd241bc717f929bd2d8c68aa78824af6b5adf1bde0e25812ec4de15852

\Users\Admin\AppData\Local\Temp\_MEI39762\_lzma.pyd

MD5 ecd60b380b7875d2521739e7acf365fc
SHA1 487ffde1f1a31f321a87658d22a1763624600304
SHA256 1dcb9689a2a3eb1c2554caec217d4f6a10cf677701bcb6f762d6cc2111d14c4a
SHA512 37db64611f7098c08089b17a88db638ec329fa2b652689a3a7509566110afe8eca3ac5e047530d628503d713e15584ad376631576fa9d3e9efb4a1ca0c3c1709

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2de72ba43865dcfd9bcba8ed3aa1c276
SHA1 66729d30ce103b6b06af70aa53909cb313a79dcb
SHA256 ef515b8215f3e0a6412f54006f06fcc6e16432b6fee9496ba92bfe88089803e9
SHA512 483b8147ff149aab617f9e0ee0222604e8c905d848ff3b4cf1473af670bbba507cb2fd4a38d92822b1e8fa239d81d3fd7c117b0d0fe59cad3688d78c65635494

C:\Users\Admin\AppData\Local\Temp\_MEI48602\python39.dll

MD5 5042c2816090b7a4e64da2fb045a4926
SHA1 5c0ea26524435fd848b4d3d7ff1c8a90e0cec528
SHA256 2599258870aa7065f94941dad4b2618f6c7b10f3e6752cd7e7a0f470966fbaff
SHA512 41bdac360fdcfb3e0c72bd75ba4dae3364c38a06bab65070ed883ea83bf47ffa889b92bcc9042943ed713a0025b92769a3158b1c0ad6d77861b23709d1b0bab3

\Users\Admin\AppData\Local\Temp\_MEI48602\python39.dll

MD5 6bb502e14103a7339fd4976dd8f3f4e2
SHA1 9ff09e5d8aa2970138003d8e97cb3d6afaca5101
SHA256 eb42a9aeef63314b908962901f4c9ad3b5fc1934bbccc1aad72b28cafb14c9f4
SHA512 c478ed8d6d1ecdbf5ebc3a4f1a67a2453d50104d98c5563d1bc09980a6b60fef3ef56a35ef65a043d58e876156b62e283b2ba9ab173a586481c325f2a5989bf7

C:\Users\Admin\AppData\Local\Temp\_MEI48602\base_library.zip

MD5 02f5e637adea94f9d58573bbc3f672f3
SHA1 4124ec9bce6cc5ce919e2ce760149ac7bd67a39e
SHA256 32c13df904c55c4b7baa5a1afe51ac701e039529268723ce62c8d5015909482e
SHA512 3653670d113a71ef2dd1aedce602da9110620e973f9e283aa709efb9c7a0d913873f097631bbb3ec2a059c4aae09e966aa71b8b785ea0462e8d68b49d33930db

memory/4564-3499-0x0000000000400000-0x0000000000423000-memory.dmp

memory/4184-3503-0x000002417E420000-0x000002417E430000-memory.dmp

memory/4184-3519-0x000002417ED00000-0x000002417ED10000-memory.dmp

memory/4184-3538-0x000002417D7E0000-0x000002417D7E2000-memory.dmp

memory/684-4497-0x000001A23F2D0000-0x000001A23F2D2000-memory.dmp

memory/684-4499-0x000001A23F2F0000-0x000001A23F2F2000-memory.dmp

memory/684-4501-0x000001A23F4B0000-0x000001A23F4B2000-memory.dmp

memory/4184-4517-0x0000024104DD0000-0x0000024104DD1000-memory.dmp

memory/4184-4518-0x0000024104DE0000-0x0000024104DE1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\X7231HZM\favicon[1].ico

MD5 72f13fa5f987ea923a68a818d38fb540
SHA1 f014620d35787fcfdef193c20bb383f5655b9e1e
SHA256 37127c1a29c164cdaa75ec72ae685094c2468fe0577f743cb1f307d23dd35ec1
SHA512 b66af0b6b95560c20584ed033547235d5188981a092131a7c1749926ba1ac208266193bd7fa8a3403a39eee23fcdd53580e9533803d7f52df5fb01d508e292b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 6edda85a2450b31e998b3c85fb7ee50c
SHA1 38fd67ed3e61b0b2e87640cb95133056aa813fb3
SHA256 0816dabe0fb98f01e405a718ce6b479f1442f283c84c34144992303bb05b5d59
SHA512 d1f1a4243793d4c0262d175810997ec16aa0d067419ed88b3e565e2c8834dcc0159cf0eff086fc14f41f6ddb4f132ef30e6864b9acef29f8ec8e2e47b21aadaf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1eddb87b679bdfa1f2258d9710140e7b
SHA1 7bbb9c2b028343476154f2920b8e9427448b77aa
SHA256 00716355c72a181ab45868949359211a3d4891a7acb1ad4e11d5eaa6116d0e4b
SHA512 a01bb1925eb26f76bbf31b8f67dc5d6066c2f014a7e076b82ee850c87d6ddb3a8b813c6bdd6e9ca4230cd5afa8d95dc2e7eb1a5cedc56446063a12f2c038c77e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6fcf2560772a292497f6b82ff368f878
SHA1 888896df3f4aa320bd8e697f3399a1fd4d91fb19
SHA256 b47a9752fa91e86ef66369d255933d6e4998efa58851f228ba1bba890389e3ea
SHA512 8e2e17b546e610dcd9a1cbe770e54e0c24b8dc10cd6dcfb79ac15a8f22d73f1ff93b257a9b3bec10fecf32f1c4d338258b0512b1862cce85da74975957f87adb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d821df5870c66de3be00724cb0edfc84
SHA1 5ffefedd282b0d4fab3bb5d5a0140f4604a9581a
SHA256 c820db7296ec6af8199e8e902082dcc55688ec85c3129d1c056fb141c062ae4c
SHA512 f2e841c4ae1c10b0398f4511eef5b94128a0d4386f9fbca227dc87deb6c4d096f438cceb85c5a54e70e39328e04d5e56ccc879b946be729be370c2def6c47852

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 df3fb509c668cf00eab7e63a8d4fd44e
SHA1 9e2b23d2b23bba7b9b88270f690e24d1285e070a
SHA256 c89aa19649fb223b0dcdc718b499a9be43be743e5ca76238773d1a8ea37c898b
SHA512 73cc48e56a3938e9dc804badeca7cc2e1230a685e4d44e8006a6c50dbf8d413c562230bb82e9a5a36fbff836bc0e8f0b81695cd753d2b3aa28ed2272bca107bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4ead4e3c56ccaa2a03a88c6efeb30ead
SHA1 4305aabf009d57077f516b0c96f67998a045cb44
SHA256 60346d8932a492246bedda00f671eecd12286142ce8894eb5a4ecdb3ccaa96eb
SHA512 9538329b24a0541cb97320c9e3803e2c539ccbdd1cf7087b2f30c95b4c2250eee62ed4a6507aa1eb14145aab35adf565afad0460edde7090f1050c62bf01e867

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe

MD5 aacce8318a2e5f0a43c8cd50907d6d29
SHA1 fd5da11bbbcdb2421186626f461cb48fc634760c
SHA256 7217260d8d9c6b0b6c8b797f64c516d8ebe4db48dc8a5fced46eab9082378724
SHA512 8991368b7e5391b37c4584eedddfbb4041ddc554acad9742b390aad7b5b4791c106d1068b7c9c29cda9e14bd62e5c36894318246c247576162c54f30076190b5

memory/684-4640-0x000001A23FA60000-0x000001A23FA62000-memory.dmp

memory/684-4642-0x000001A23FA80000-0x000001A23FA82000-memory.dmp

memory/684-4644-0x000001A240880000-0x000001A240882000-memory.dmp

memory/684-4646-0x000001A2408A0000-0x000001A2408A2000-memory.dmp

memory/684-4649-0x000001A2408C0000-0x000001A2408C2000-memory.dmp

memory/684-4651-0x000001A2408E0000-0x000001A2408E2000-memory.dmp

memory/684-4653-0x000001A240CE0000-0x000001A240CE2000-memory.dmp

memory/684-4655-0x000001A240D00000-0x000001A240D02000-memory.dmp

memory/684-4657-0x000001A240D20000-0x000001A240D22000-memory.dmp

memory/684-4661-0x000001A240D60000-0x000001A240D62000-memory.dmp

memory/684-4667-0x000001A240FA0000-0x000001A240FA2000-memory.dmp

memory/684-4669-0x000001A240FB0000-0x000001A240FB2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\6UUW6GDF\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

memory/5768-4755-0x000002B898430000-0x000002B898452000-memory.dmp

memory/5768-4756-0x00007FFCBEBB0000-0x00007FFCBF59C000-memory.dmp

memory/5768-4757-0x000002B898460000-0x000002B898470000-memory.dmp

memory/5768-4758-0x000002B898460000-0x000002B898470000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1hsu2ziq.tbf.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/5768-4785-0x000002B8987C0000-0x000002B8987FC000-memory.dmp

memory/5768-4796-0x000002B898B10000-0x000002B898B86000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\X7231HZM\favicon[2].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

memory/5768-5042-0x000002B898460000-0x000002B898470000-memory.dmp

memory/5768-5232-0x000002B898460000-0x000002B898470000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 921b8f8fa1c789b88e4c6e1f1362799b
SHA1 868cfa14caba91df1ca914091b8b18b32d7131c3
SHA256 9e121af0f3fc9d8a1d8b7edf4f8d870a6db985d2cb414e190df1997481f7032d
SHA512 24909fe69ffb3e7209d2d7cd276f67fd97e8af553bed9978d9dce3731272d75511e12c92a1520ff9755f9ab1d02b8b7e178ed35b6211897c3cfa0c3ea04dace1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GCEJN9VS\anchor[3].htm

MD5 4a37123455d34e351b12d08d2574c84d
SHA1 e09cc16296fd82b56aa342fc0e4df6325cfdfa53
SHA256 653597e08e07ead1452c6741c5f2c3ce7f2db4e566e53ee9ef273e8a250bf334
SHA512 1c44ae6158263f9b64f037ff45e76ab9149e2c28add779b98af349cd26c9be04074e6b85332cae1b94a137a396c5c2afcb0bd1cd4dd311a09154a38086ef24e0

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GCEJN9VS\bframe[4].htm

MD5 124e0697db939d9d98432c3d4220a1e6
SHA1 cd03d205c05074cf1a652bf5476dcdb59e27f048
SHA256 bb2c857c4dae25350d6c1668c5d126d80a23ed7368e75dd1df13062f470bb1f9
SHA512 358adde3a18704a885d70f6d5c6b2465998f6a5ebc05783b301b8e25bcd76c85860473207ebf41f11a463e30b996cc63ca85f48824f34ef81fe9d351a128c742

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\6UUW6GDF\drive_2020q4_32dp[1].png

MD5 916c9bcccf19525ad9d3cd1514008746
SHA1 9ccce6978d2417927b5150ffaac22f907ff27b6e
SHA256 358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50
SHA512 b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\818432a\imagestore.dat

MD5 e36efaa4065647de40fff1ff23c06fc4
SHA1 02f61a211bddfa5aa70dad98fd8f61a4e35e0c25
SHA256 cdf673062a5e4acb5d8627c13aec6012aa3ff600229e1638028437ac102da691
SHA512 199ee995db649c621aaf43c7080656f98b3c46345ac1602fdfc064aac7072d9c88f6fa0fcdb16d1bf395896c9a7623a2632941e87374a3e2a7373fb6858af96f

memory/5768-7234-0x00007FFCBEBB0000-0x00007FFCBF59C000-memory.dmp

memory/5768-7563-0x000002B898460000-0x000002B898470000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z0ADODIF\cb=gapi[1].js

MD5 8c79846f2b3509923d28dd933f2f0146
SHA1 0bd969df614e46ffc63bced7d8335de2fd63e019
SHA256 1b35e98600b2582e0efe7f7c741831081d8ca0c5226986efe1e090c9ea7556c6
SHA512 7683e3983e9239e710cf17a6831381096229f9b82bda9dff926f1741bd797e12a6076ae27195638517111528aab1dcfb0191db555ab3121b77b9afac1160fcb4

memory/5768-7885-0x000002B898460000-0x000002B898470000-memory.dmp

memory/5768-8318-0x000002B898460000-0x000002B898470000-memory.dmp

memory/5768-8332-0x000002B898460000-0x000002B898470000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7aaa27c74a24c2ddde24bddbf9c1f233
SHA1 7ca75ca56d726119f4b203eae9af5d2c84e0578d
SHA256 4b1ad043b970f16c26d12bd940df9375fef3e31e592f8376133dce488c856bfb
SHA512 61938d30230f76f11be7efd78f82e238e5fccbdf7b32cf045d5b7b95b7e46fd53ec784b47ba58b86cd90dbf6491f54f0f0c5e68f4d7473ebb335f6ab99d0113a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\eae6aca1-7e94-4878-b409-5ebe6607e952.tmp

MD5 3ac4b2f83de8c0f7f9bd26f7f577a999
SHA1 2a6aab5409c3dc5ffb99abb2646d4b4fdd9749ec
SHA256 b2e582ce6e8ffb6e6423110177337c38bc501853dea8346eb38c2f8c4e556894
SHA512 bfd3077bb9c0843729532ba1838c6156aa7728313e97416e4e9c9c4b5107cdc2230d4819528a2cdfd2a3ff52bac915636572adb88d930322dc7077dbaf7fa560

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b5eb5a0381b66b276c398e9145e33153
SHA1 da518fbdfec21d5bee3d07db9c8acb67b66b6b5a
SHA256 8cea0c5f031834db5b92392aaf4a8869bd52c52086836fcd8121e424346ab0de
SHA512 d943182264162697e9b461ab0a159b196dde631737838b52f52afb6b4b8965a3d33e094245bc38a968076f0b90612af7362b7c4848d215c065238a4e5e598a40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 71aeca35d7dfe3e298ca34bea70a965c
SHA1 1d3bd76524c30862547720f50d940e4f582c598f
SHA256 0631ec28163fcf4e3241fdcfa87ff3e2f70730789bf7279c2db802c77c207a81
SHA512 6f9ba7d77d2546da64cc42d6a5051f7bacd2ff2bcbedb4fc52fc720f1c878d854189cedb29ad9ab0fb866203f9a08b47fc6047975e7bc6559eb88b01ad62fcfe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 896b5cd27508ff08c9c0fdaf0c7f8cb0
SHA1 ad8702f442035b4224de44ad301f3829516211d7
SHA256 eee1c231351a4d5169bba243ec2b008ddb4c49d485650070ce2c4a722d941949
SHA512 116a3cb4c623e71c089fdff36e4930a1a928ce70f4d2d91383a926b2b887c77893e29c9de484b2a4a5ea07d37847b9d1d4346cece6bce309f95bcd1bd7d1ffcd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fca310a6760f1fc2c7a5dbcc978cf53f
SHA1 905eaa592d2e8e285f1f2a0837046b3256100026
SHA256 91d204f8b12797241f9231ddb79ebbd89ce8041274672f1fd556743538a3489e
SHA512 795f385023b2dfebe7b0bc24889e3c75fba0215229b7dced021b34aa75ecd921c8bc5018403bfcea66d09740a258fc12fd9779d8d278b35106bb16813cb9a3ee

C:\Users\Admin\Downloads\x.exe

MD5 eb5ad0a90c7c3a23b51243844e41d780
SHA1 f07ad60430f5316cbfa8297c0fe8c69600f9f647
SHA256 d3032a664ef73356f62babe4ce53be27a7b0587f4c10036b4eec61a5435cfadc
SHA512 3bd11b208af263bec179931d0a55d29fbed59cca6ee8e2bb840d84ee52838401574b1812db3de792edf762258d108585fcf00a380e58b451a2e02180d3603122

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6648493f921b98c97c28bef0b781716c
SHA1 f8cc534edd20dd3878bbe0fdd40124bd1e95280e
SHA256 1cb841960288e76de440ae31843fef7fe61c10a189860946410e7e1e74e5be4c
SHA512 5257294c734476d7e0b0b4f089f89ae949dea8f2a5e316ce086e8cb2c1761ff97ca8322a0dac08014599eccb40c85596a1dd34128931b6572775aec00b533682

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3950926e2f55c7a30565f30da004b3ef
SHA1 db650d1ece53ad51d029de36fbde314f07d3dc3b
SHA256 821b093eab40afef657e94cead352c98355608c7e33ea4439a3286b01200036e
SHA512 4ff1b04fef9305831b77f25abbcbb822df612e7d0d3216e86d9d9dcd506371b8537698d47373bc2bf1da4ed9fb0a3e4515e1d6358c0a762f5f0505996692060d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 af13b33794f09db53b42622577a3315d
SHA1 0e25d7f1ec192ba238993d1e9c88e40ef059350d
SHA256 a2ff9a03baa6ba10ae28ee1fb8455b579fc39d682adf6f7134f7f0193c170e1f
SHA512 c39c09ed3ffe60ef107f959c94f628b4f87ee81de35a9ff2954f89233952a1ca424b9c6d80207170b2900df7f43b47119bae29bdac92432f390a6e5864a10abb

C:\Users\Admin\Downloads\TEMZ.exe

MD5 e6168901057164d16298ef87a38efa66
SHA1 6299e0d6fdd292a49a881292cadfec443ed98825
SHA256 d67b2b20d9400ffb4415cb0ea40bd5d4652c662957cadd090d103f2976c12f4a
SHA512 4aecffe0e84d706ffc7c7535ade9ef0b5f51f3aca7b8e579ac2fd178685fd068662b79b3c5fd3acc312d6504d900591944c84e9c141c3ffd1b61aa8970fe0bec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 68ffc8b3eaf2fad3fa2c9efa121515d8
SHA1 c4472e24e5ecdabab165984639839adeda8f69c4
SHA256 7c55440ba223254e46a75a74321619d984c80c12594f801a7664d05f6ff52612
SHA512 d185026d30ec4b10b4dc3095efa30c875d7b3faef3b5d664d2f6f96a5afc01dbc4c1f2e7f84b760abcf51ab3e461c9c8d420a9fd8ef953b936676af7ed9a2d19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFe5e9d47.TMP

MD5 d68ff6118db0fa9a15d8019887020412
SHA1 16e580fbc501fbb6602ba1d9097abcbbea455b3d
SHA256 969d4239b46e8dfb0d048c3f22625312834f6f4c35e9993fa0b0c0da530e9a58
SHA512 ed60876c0042a788badbcc7ac090b5b833cc291923391414aa18c9b587862310b3a6ce3818c95cc26026f9197b10b021a69f49a703210f85feb78871fa4c0939

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J4QGOG65\cleardot[1].gif

MD5 fc94fb0c3ed8a8f909dbc7630a0987ff
SHA1 56d45f8a17f5078a20af9962c992ca4678450765
SHA256 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
SHA512 c87bf81fd70cf6434ca3a6c05ad6e9bd3f1d96f77dddad8d45ee043b126b2cb07a5cf23b4137b9d8462cd8a9adf2b463ab6de2b38c93db72d2d511ca60e3b57e

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\IU7021XS\microsoft.windows[1].xml

MD5 eddf7695d5f74f331eafdaf07cbbace1
SHA1 13d91bd8463cd0ea74b620784ad9c9d9bd866c9c
SHA256 599370fb5b01278d7a69d6822578ef34ad04b88dec92a9f57dc225aca94f2a35
SHA512 bae82bfbde4c6f6c1bc5f6685580534ad5aed9ee68b117723705d438470f3f6300048cbc5c5849b0d0c34e560413a764dc49455c7882d0817189a66e4275c494

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133524967402755007.txt

MD5 f8920767feaa9c8771a1e8a267524b0f
SHA1 b4c9a4189b0957a697951e49fcceed3798978a4f
SHA256 9257a3f3646246c5950338fa48689ec51a6870f16436abeb506fac5ecaca2b27
SHA512 b7a732bb97a907536cdfa57f8205f359c2891ef3c404127f40047eec5ec12b66064cccdbd949c583a3c63f205bb6800b85ff385fe9dfef9e81072d36f9a36758

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{14cbd169-5a2d-4b34-8946-764287d9bf30}\appsconversions.txt

MD5 f21f68ab0fd9bf5b4255eddde72be816
SHA1 abea6564790813e12784c8fabd43eddbec334bf2
SHA256 9034fbd5f370a37a2e43cae5d482b84d3ed9b6c62c6ddbc4bee25b0526ad25ee
SHA512 3b75d817d4f5361a05148fd7e62f5c54b97e685d8db046d73bf4889cca3fb5080da0d8e52b4d0d34b31e927bcb9f2a073411c4597a1f9528c419aadbb2663472

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Windows\3720402701\2219095117.pri

MD5 e2b88765ee31470114e866d939a8f2c6
SHA1 e0a53b8511186ff308a0507b6304fb16cabd4e1f
SHA256 523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e
SHA512 462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aa54bfd940ddcc5ad777f355bbbaa79a
SHA1 94c74b7c11763b93edfa69046066297764205ef3
SHA256 06f332ce7f0dd7fb6fad81d5d2219f56e2244289d821c53c2af91240bf745e1b
SHA512 588474581a23534f0f9df61783b41f0f9ac72c26d9bc2d19e6e413c11e66bd9716af676b988c759d001f3e2290164ea2224fba06e7243e98dc23447e5f96bf45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe604961.TMP

MD5 f4c9038ba5031f91d69aada07fa6565b
SHA1 1ecc7ea9c409ee547b60261828c1cf7d84e3b3fc
SHA256 20d7fcb4557aa09bf6ca25b78e89271da24abfef9e0ab505cba6239f1877f789
SHA512 d0652b53ad99570f93458e4e6cb2df07591303358b8640a45668c1cb1b2f802cf25ece845c40ee9b28cc26dc45eba5b8e5cdfdd078c742a5c384a52badae4aa9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e8124c2bf46f0bd1d98af5f21172d84d
SHA1 df116266f7fe9eb72848e1e812bf0f78df80c6ec
SHA256 152b20da26d63020da8d3bf47958f5f28b4483ab521cde84335e0491f028942a
SHA512 fa4635ffafd82f4bec4eb85a560ea2c90a129579fa6e05a6e9f2914bbf00ba167f67a0b47cd05482623212b5fb280d21c68252d3bc62cdd4edb04031b9208c3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3d468c0bdcafec25d24a33138706e5ef
SHA1 9289ddc4e91cbfa54ea32d1349e6ad504c407dbb
SHA256 ee783fcc7c6b925456470b4ddc9cde2f8cff8b685ebe1db5ee8c730d1c7657a2
SHA512 1a540565566cdc3bb069d7d58f5b35b49db2fb2e4235bf015448774a34df0a6348669a761c6ae814083c7f87e96c1209b4726946c6add2cbbde297196244853a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3accf2d689a6491b6f7cdd94c6266c46
SHA1 573adeea2c5cdd8c16c47248887d7c2fc75ce8db
SHA256 65badfff54a9e922f3389ab4a537d81dc23f14084dc40f0e56eb9948f57bed2e
SHA512 86453dcab64311e19f28bf0b20b7756ae6296c8818e7b7c4601566e64668066f74f11983fdd1dca8d09fca5e292c55d49860dce9c4a9f05e5f9eaebe6cb9facc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9ee561861dab1f07ffe033deef4b382b
SHA1 5dd9c7e0a5105c72da92c09992252d1a5cc0ea3a
SHA256 43337b78130ce99d9ed2ed503da8948d2b8dafdf5c2a72a7096603fac943bccc
SHA512 5768909740dd2b3ef1e0528dc4807b9800a9d775110454f9cfce04e63a1b234d97dd4c61d6a6db46941c9c157e80a3bdeb8a5be3414c4e192448a347d08b0e17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 239df6a9a4afb711b764144c6e5cfe90
SHA1 f3678a4268ad7eb8a87fba2fb622a73bdfaa716c
SHA256 e4e0d00f737e9c8a2cf89a533aa94fe53447bdf862ea374ae7262d76802ea2ba
SHA512 48cbe5bfb7c7999f3f0eab7e316869606a369b502c9ba103157cb2335c40d3ece1b064a30abe93c73e03044f460efe82887f344797f541f7789086aacb299983

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\49469818-29d3-4215-9f0a-35e604ed7a23\1

MD5 465936e30f7432fa8abe70e34de66aa2
SHA1 ab9046df9cb728760405e14c1bfc6b607988989e
SHA256 4655b926097fb9afd6fa020200f98eae5f0c58550c8294790d75ccfdbb84954c
SHA512 9289e1bb240e63ef784353b0c975a47dd407219d79ed0aaa3f6018d6e72b85db65da304eda643703b387cb61dcc05aca9db0d13650278d9d127aeab0ab4b1c6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 68accd33da0b1f1653601787b539692b
SHA1 43c67118d02da47e31a96058652555e16e734ecb
SHA256 bcbea0849780e5406b3071dd99332139365a385973ab6c612af66d840dfb0037
SHA512 91c90d1384103170b6fbb14619d1d59233d14cb7e828c531685402d64ba4630ea837f3a3a94ae4df436e06bfa44580ec235fbcf6a13a822aa98c519d33a2165b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 32cbde5b838f177a46d30301801a43d0
SHA1 644162f9aae8efac5b2176506bfcaa14f6b1cd1a
SHA256 fd8ff97946671b85197f630781ac53627364efea35c44dd22298b7e6a791ccf2
SHA512 0097cd9c305fc38271346af86d242b6fc5cc1043746532d6c275ba9cbfa9eb5eb34e69ceee25c9983ca455c91aea30b8b3389c56f15412385af975590f573127

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e7f055dee65f4c87d37a33c4e081a017
SHA1 a34f9e9fc93dcf3c9275635e7ddb01e2bd2b076f
SHA256 b47f6e89a4e71a4c9d5442b726b204b103b636bdbb73ff396477905e0cbfb7cd
SHA512 73e7fb7d29da57b930128dbbcecf4fa63b8d498f2e23301a6305bfaf77c4aaf62f747dc0b1c0f2512d175968323360eb9b9f70b70467e38dba5794328bb1a257

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 12095275e68f3608aa5d565c342b9c1b
SHA1 264650e1b3958c4f0dbc9ff9a299aa0e5fb24bf4
SHA256 c5dac1b80ba86606c0d65708602f3a6b017af4f1736b22adf0d1f342c5b31628
SHA512 7cff87c770f8f83f22ca1fb36684aa6bc3dcc371312c1e09dcbb711b82e21700ad9ab1350650c3e9ec17bb530517d0fe296e1bbe4629b317d71622a03361b0e3

C:\Users\Admin\Downloads\4562cbdf-3605-4131-be70-ad89d173f98e.tmp

MD5 e26f1f44e0d84aba5a48cceec98534ef
SHA1 da223630befa19401c1acd16b70e58ff2421d9e9
SHA256 58740a0adfd2915d2d34cc48d7bd41378f845bd43d8de78cc2236d51657216d3
SHA512 be48a993f28f05500d5bc6333f7cb99ec9405ff549b2e05958a4b5c874b21802c2a57b1433bf69a70f01c03269a188c34747a3ccd55b6ac8159195a67b384399

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0ea329ea3d7e61ad9f5f4931a1512033
SHA1 8684d83fea76d0e5f213d9d6ea6ea5cb14734471
SHA256 980a7b9630a484c48dee3e7f4156ec6551a106d29155fd91ffc5d1fefa3ace5f
SHA512 ed270cad85881b18ae4ab237e235ae80309f750a496923dccbcbbfddeb13fd42c7d2cc14e9730025f0e5841c3989073c543c0a6973c77d1f62f6729fa3856eec

memory/3740-9402-0x0000000001290000-0x00000000012AB000-memory.dmp

memory/6112-9403-0x0000000000F30000-0x0000000000F72000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7d630ca65bc9ac362dd568fb2b9955e5
SHA1 4c58820f786226ac17df0db0132e6152b06472f9
SHA256 a5b794267ec1aaf65026235b305826e657cafccf5ceab7dc695ba687ab6b41d5
SHA512 2531c6afeffa02159afdae87df9c0ae9dfab2468c24181b1dac9d658308503f9ef1c1cda4c9c182ea8288118f9566f9879a40aaec4e3646f1ab968b81a638de9

memory/6544-9422-0x0000000000FE0000-0x0000000000FFB000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State~RFe620d58.TMP

MD5 444daf9a77aa3df2fec1d3c2442e89d2
SHA1 075db16a91ca98d9f0c6fe3e07b44e17b79c41e4
SHA256 1722a07d7d069e2a2b32f17cf8e7f101c85e16c52d0c86fdeffa37997c27240e
SHA512 e2c2c509e6db329b46c0d671c7eba8f329d5ae68ccc16b84f7fb965ff9cb74a81ee82ea95b9da854042c715a8f6dfe0cee055b7b74dfeaac0892216af7c79b89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 40815b469bf73bfb76dbee4c741cd260
SHA1 31f8415622ec8b723dbded96d5120aa7d2caaa0d
SHA256 87a01d609297779c337f95ab429bd2c8be982082b364802f2440fcbbc2fe1c86
SHA512 b9e42a46483d1e21f46513e2a07c5a9fd68ebf5c7883d4848e2b90db076366d340d407bda1c096041fa76b049bda7586f4567d5e8f70b3119148404eb8e072b9

memory/6112-9435-0x0000000000F30000-0x0000000000F72000-memory.dmp

memory/7828-9436-0x0000000000DB0000-0x0000000000DCB000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6a50b1cbb7ccaedb94fae734f4b7552b
SHA1 81cdbd39b40ca9278407edef88f3a1d9c772b234
SHA256 be17f97498ad1c305eed183e6219d1fb463f3301a2d61f5de058c284b72e7a1a
SHA512 dba9cce99cfc4a6f56c5305089c3d1e726c3985865567a532eb6fdf26a35f8bd30480ff2de9738f6a2594b882da10e9bf1b1a1c511730899327cf243b43dc651

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 609ffdb8f8ed5b10228a2e4f100286de
SHA1 2a79c0c9cd942302c8518fa6992f1cb6c2684e77
SHA256 bdcb1e616c5b7b4cfbbd696543d3730f3982198b78206fa116cd62d33ec3f5c6
SHA512 e0413d8b7ad6d826c9c4702c766be06d3af6e46cdd02f12068877ae1ad65a3951d79df64e214f17e5e07d87319c7b5940a3e00aecba449b0b336f4b08f9bcd44

memory/4088-9459-0x0000000001330000-0x000000000134B000-memory.dmp

memory/7852-9465-0x00000000012D0000-0x00000000012EB000-memory.dmp

memory/7552-9469-0x0000000000BD0000-0x0000000000BEB000-memory.dmp

memory/8052-9472-0x00000000006E0000-0x00000000006E1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d81e52421f6f7f92273ceb389eb97507
SHA1 e4bf5f1a6c17e76de5fdd8dc6cd6d1978304666e
SHA256 98cf5d0e4d994aca43e06c1fa447472a4c5770996a9cce194dd6170892d87c0e
SHA512 fcecd820deb4260011b6f7de3c7387993e04e6ca84b32b56afcd5d3c0eb450cc017f6c111541a7211b87db000059c717d0e0e6e48e1cf92cc446bbd2c7eae290

memory/5768-9500-0x00007FFCBEBB0000-0x00007FFCBF59C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFe639224.TMP

MD5 3a1fdf3c8a05caeb08164a33032b7df8
SHA1 3c6f1ca2f33d698136b08c806d8b8cb8e409038d
SHA256 dc34369265178750713aea3253e85d8d39c80165995e0cd1c6743946d332d88f
SHA512 f5119b6cca239ce3b5b308b34c3d51d5e9a124d6dbceb1387e0accc0dcfa8c99a3a66d0da3ea23c337d262967e4cde2336fe4128bd92575bcf3f5a4fd11aa86e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fde353dae2d21304f94ab2ae50a0a088
SHA1 7920eb3c7bdbadcd19d823155bdfb33198bb6c70
SHA256 89ec31b91a998028bb7a6bd8773b9d59f8784a125e7df3601df10d9f3e32ac16
SHA512 eac9cf09aa2451ccc85d4a0f22ef05733838dae2ac0fa7017b1fb37fb2747cdf288104f4d9171a815997c6f622428991ce738afa85783889a7860ba0433a7dba

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-15 18:42

Reported

2024-02-15 19:13

Platform

win10v2004-20231215-en

Max time kernel

1799s

Max time network

1787s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/TrashMalwares

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133524961988548284" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983843758-932321429-1636175382-1000\{3838619E-1B76-41E9-A26C-3387717131C8} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1252 wrote to memory of 4392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 4392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1252 wrote to memory of 1216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/TrashMalwares

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b8c49758,0x7ff9b8c49768,0x7ff9b8c49778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2624 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4616 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2308 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5384 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5320 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3156 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5460 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5428 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3264 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5400 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3240 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5024 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3760 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5328 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5368 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3056 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5248 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5216 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5608 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3084 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5660 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5936 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=3260 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5576 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6128 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5780 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5516 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5540 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5268 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5332 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6060 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=3232 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6132 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5892 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6432 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2f4 0x498

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 191.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 3.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 5.121.82.140.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 28.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 199.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 200.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 bing.com udp
US 13.107.21.200:443 bing.com tcp
US 13.107.21.200:443 bing.com tcp
GB 92.123.128.144:443 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 92.123.128.139:443 r.bing.com tcp
GB 92.123.128.139:443 r.bing.com tcp
GB 88.221.134.129:443 aefd.nelreports.net tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 144.128.123.92.in-addr.arpa udp
GB 88.221.134.129:443 aefd.nelreports.net udp
GB 92.123.128.144:443 www.bing.com udp
US 8.8.8.8:53 139.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 6.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
GB 92.123.128.139:443 r.bing.com udp
GB 92.123.128.139:443 r.bing.com udp
US 8.8.8.8:53 assets.msn.com udp
GB 92.123.26.185:443 assets.msn.com tcp
US 8.8.8.8:53 185.26.123.92.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.164:443 th.bing.com tcp
GB 92.123.128.164:443 th.bing.com tcp
US 8.8.8.8:53 164.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 bonzibuddy.org udp
US 198.187.29.31:443 bonzibuddy.org tcp
US 198.187.29.31:443 bonzibuddy.org tcp
US 8.8.8.8:53 31.29.187.198.in-addr.arpa udp
US 198.187.29.31:80 bonzibuddy.org tcp
US 198.187.29.31:80 bonzibuddy.org tcp
US 198.187.29.31:80 bonzibuddy.org tcp
US 198.187.29.31:80 bonzibuddy.org tcp
GB 92.123.128.139:443 r.bing.com udp
GB 92.123.128.139:443 r.bing.com udp
US 8.8.8.8:53 www.msn.com udp
US 204.79.197.203:443 www.msn.com tcp
GB 92.123.26.185:443 assets.msn.com tcp
US 8.8.8.8:53 c.msn.com udp
US 204.79.197.203:443 www.msn.com tcp
IE 68.219.88.97:443 c.msn.com tcp
GB 92.123.128.164:443 th.bing.com udp
US 8.8.8.8:53 97.88.219.68.in-addr.arpa udp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 52.168.117.170:443 browser.events.data.msn.com tcp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 152.199.23.37:443 aadcdn.msftauth.net tcp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 37.23.199.152.in-addr.arpa udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
GB 88.221.134.90:443 img-s-msn-com.akamaized.net tcp
GB 88.221.134.90:443 img-s-msn-com.akamaized.net tcp
GB 88.221.134.90:443 img-s-msn-com.akamaized.net tcp
GB 88.221.134.90:443 img-s-msn-com.akamaized.net tcp
GB 88.221.134.90:443 img-s-msn-com.akamaized.net tcp
GB 88.221.134.90:443 img-s-msn-com.akamaized.net tcp
US 8.8.8.8:53 90.134.221.88.in-addr.arpa udp
GB 92.123.128.164:443 th.bing.com udp
US 8.8.8.8:53 ecn.dev.virtualearth.net udp
GB 95.100.245.213:443 ecn.dev.virtualearth.net tcp
US 8.8.8.8:53 213.245.100.95.in-addr.arpa udp
GB 88.221.134.129:443 aefd.nelreports.net udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 3pcookiecheck.azureedge.net udp
US 13.107.246.64:443 3pcookiecheck.azureedge.net tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 www.appcracy.com udp
US 172.67.72.239:443 www.appcracy.com tcp
US 8.8.8.8:53 239.72.67.172.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 172.67.72.239:443 www.appcracy.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 www.google.co.uk udp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 www.clarity.ms udp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 r.clarity.ms udp
US 20.119.174.243:443 r.clarity.ms tcp
US 8.8.8.8:53 c.clarity.ms udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 216.58.212.225:443 tpc.googlesyndication.com tcp
GB 216.58.212.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
GB 172.217.16.238:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 partner.googleadservices.com udp
GB 142.250.178.2:443 partner.googleadservices.com tcp
US 8.8.8.8:53 243.174.119.20.in-addr.arpa udp
US 8.8.8.8:53 225.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.152:443 th.bing.com udp
US 8.8.8.8:53 152.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 gamesfeel.com udp
US 104.21.46.188:443 gamesfeel.com tcp
US 104.21.46.188:443 gamesfeel.com udp
US 8.8.8.8:53 188.46.21.104.in-addr.arpa udp
US 8.8.8.8:53 dclk-match.dotomi.com udp
US 8.8.8.8:53 a.tribalfusion.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 tr.blismedia.com udp
US 104.18.24.173:443 a.tribalfusion.com tcp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 creativecdn.com udp
US 34.96.105.8:443 tr.blismedia.com tcp
NL 89.207.16.201:443 dclk-match.dotomi.com tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 52.223.40.198:443 match.adsrvr.org tcp
NL 89.207.16.201:443 dclk-match.dotomi.com tcp
US 8.8.8.8:53 c1.adform.net udp
US 104.18.24.173:443 a.tribalfusion.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
DK 37.157.6.254:443 c1.adform.net tcp
DK 37.157.6.254:443 c1.adform.net tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
GB 142.250.200.34:443 cm.g.doubleclick.net tcp
GB 142.250.200.34:443 cm.g.doubleclick.net tcp
IE 52.50.217.250:443 pr-bh.ybp.yahoo.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 104.18.24.173:443 a.tribalfusion.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
IE 52.50.217.250:443 pr-bh.ybp.yahoo.com tcp
DK 37.157.6.254:443 c1.adform.net tcp
GB 142.250.200.34:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 173.24.18.104.in-addr.arpa udp
US 8.8.8.8:53 8.105.96.34.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 201.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 254.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 250.217.50.52.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
GB 142.250.200.34:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 s.tribalfusion.com udp
US 104.18.24.173:443 s.tribalfusion.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 34.96.105.8:443 tr.blismedia.com udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 um.simpli.fi udp
NL 34.91.62.186:443 um.simpli.fi tcp
FR 178.250.7.11:443 dis.criteo.com tcp
DE 91.228.74.206:443 cms.quantserve.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.8.8:53 ad.turn.com udp
US 8.8.8.8:53 pm.w55c.net udp
IE 63.35.13.1:443 pm.w55c.net tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 8.8.8.8:53 11.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 186.62.91.34.in-addr.arpa udp
US 8.8.8.8:53 206.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 r.turn.com udp
US 8.8.8.8:53 29.213.172.18.in-addr.arpa udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 1.13.35.63.in-addr.arpa udp
GB 92.123.128.136:443 r.bing.com udp
GB 92.123.128.136:443 r.bing.com udp
GB 92.123.128.152:443 th.bing.com udp
US 8.8.8.8:53 136.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.152:443 th.bing.com udp
GB 88.221.134.139:443 aefd.nelreports.net udp
US 8.8.8.8:53 139.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 classic.minecraft.net udp
ES 18.172.213.5:443 classic.minecraft.net tcp
ES 18.172.213.5:443 classic.minecraft.net tcp
US 8.8.8.8:53 5.213.172.18.in-addr.arpa udp
US 8.8.8.8:53 9p1bb7fwdf.execute-api.us-east-1.amazonaws.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
ES 18.172.226.89:443 9p1bb7fwdf.execute-api.us-east-1.amazonaws.com tcp
US 8.8.8.8:53 89.226.172.18.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 172.217.212.94:443 beacons2.gvt2.com tcp
US 172.217.212.94:443 beacons2.gvt2.com udp
US 8.8.8.8:53 94.212.217.172.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 131.16.217.172.in-addr.arpa udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
DE 142.250.184.227:443 beacons.gvt2.com tcp
DE 142.250.184.227:443 beacons.gvt2.com tcp
DE 142.250.184.227:443 beacons.gvt2.com udp
US 8.8.8.8:53 227.184.250.142.in-addr.arpa udp

Files

\??\pipe\crashpad_1252_HHZPQBKHULKZABGM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 19e16bafcc9c7330913a49c9c8d092d4
SHA1 2e3f077e23b92554dd880e2143d509ad5679dcb6
SHA256 06eff35ad1f3af8a93629274f479e2850f9c4c5c11c0fd172ac96916b278aa2c
SHA512 b6a21b2f379b1fe193659765f1fbd34b180b4e006f7fba4eb912f8d80cbebe559e9a8ab6d4937812d67b104961a764de9b48183f94b567be9eabedc37602fc95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4432c5bd14da15249a95b0b1d07c11d7
SHA1 258cd1eb0aa6061e4019163e089a15eb86ca9c23
SHA256 85ab06c54f928353ef24d06cfe5885fc95675371307c8149c6ef55101a6b0563
SHA512 deb59be81dfe01a9c864b751dad2cbba65c652f4cdc291b38aa3dc659f9790a48e49c775131ba7460e26c7f72ef0073273b34303d6c2c70909226a9ee2c54c25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 257abef13157bf1e4fbe1eb6b49b8a1f
SHA1 a0b389dfffec575eda80ddd6c75261c58d5feae2
SHA256 fda7280ce6aa00c558362e0f3662eb9018e4e7511871c4e70332f71361717085
SHA512 c1c38d48c3095f656dc909f91f2ea21cb8d3469e2c5288f4cd95495c9a9ab5df2fa6e1bf5d7c1b88b9376e8fc0cd4465407a2a65615634ba3cfde8d1bb29a81b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8721b50d9aefefd8e7e0bb19fbfdd43d
SHA1 2607998f97c3bc2efb6ba74b12eb73dd447b9051
SHA256 ea4bef2a1e4652526c8effaa2076dd279ae66c1de31726e0cf9e35466225ff57
SHA512 b1afd5f467d1d52969a2e6ca9a62bc7c6ccf443f92d8da10beb6bcb27fcacae4f60327327d3ff7df3e826c1d5e6b95c72c1591bffb80b78bce86771101f43241

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 365745127f8198d94bb86cc05953dc7a
SHA1 76802cd8359ce96693cc5ca84555a95065314109
SHA256 41c07b89d792a32703ca6f95dcdd93fd5305a0cde1bf57e7f8c94f53bb9d3e0a
SHA512 be08c24c74abf3c84609798d64e3ec149fdabc8b5f66335f90b310ab952813bab8f958c214686e237006174b4ff69857a7663f957e6f6790d9eafdb830e993b6

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1e36ee2cb0c0cdbf0b165996a676245f
SHA1 825767be5dbfe9888e52281ae4f91d876fec58e1
SHA256 628369d504c3ceb3f2cd37d8b49dddb6659abbca54bbb2345749ab21247fa9fe
SHA512 696bf77ab3430b5658ee36e790427d307cde9c2943181a814bc2bf496c25b3ef107e656e48c1cf7bb23b456110e14fd3df24747a31a7f1e1741ff1898b74c8cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f112f435dc7eed689f1ad0ce5e35ca22
SHA1 b2a91d6a7b48ff2f4ede825bb26917ed02243024
SHA256 9cc4f94cf5b5af718acfbd8fba2ffa84855b32d5c8c37af919639a088b82e40f
SHA512 2da1965ea42ea92ac5e0f242590002bef660d19f92614b5c861528091c8ad3f04594fe49dcb2ae15616d29d7e210f8376b1eaa4c341924ab0acca5d0b3b0eb45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 b852e281983114c0ab045715a598622a
SHA1 f89cb17a58d5782073f1bfe413859c240abbdc6a
SHA256 22197e96894f7cf65ffce3dc6370826bbea2c0f39afb7f8da7578807653322b9
SHA512 421bef715f3e540e91510b9b4ba8b10162fd4abfe23841277b809da8f7eb02b8e24e3485a17f64fdb051821987e621831c045517fdfeadde76602cdb3aa6c227

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe64081f.TMP

MD5 47ff7827939c242a32345e549d0d81e7
SHA1 29c6ba61f00b5fdaa72b2139361f478c713b3230
SHA256 877bd707706a940f0e139397490827442429aa1ad6f51ab0010d5f90ea7056a1
SHA512 2109b7e41e3b07e1ff43495d12305e0a7dc557bdef03238a5927173b7d93901b127619a6ef1866a6d8b29ba363a9bfbfe2e5f57ecda7578e629017ca62e7ba06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 01165c160f20479fbd4da21c95388ef9
SHA1 b4e35314a571d844329149d7474bff478011d1f4
SHA256 2cd199870f5fc72195ad29ae6194f6750960583b5b5a1ec3c8722eb5505767cf
SHA512 bd2124e3f40de846448f037fe22911f0cff4f7c6b2af4cf8650bd5ce81454d49c6321a9593834d528075dd31bb55122320670789ce78927ae58bdf4e2875141d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 b4c0be328a8380373e746d1aa4ab7431
SHA1 cc7031eb17cc711f9f7bb3c38d15a6b988b1871f
SHA256 b1a8c137b71b8e26c4363b8fbe4e463bcc0e269676bce53b6d4a2e37be3dfe47
SHA512 c59a0b5dcc464d7ce938803d2ae76112e7c778758edd43b210d083b925c7296c58d285e91d191c2964fb7b5a38c16502b0a4a602fa3525692927cee85eee6909

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6bdbd9994cf02c49f40df9a14d87e29b
SHA1 77bbfb3ee6b408f08b1b5345d239380419e6d1b2
SHA256 fcf4ee9823271739d87c2ff2751142d1555c3b340c1bc97cd84ebd6999ad8156
SHA512 65ae367da1f3a6d9a0468514e89443efdb3d86a3d5aaadbdb82a34a60496cb97e2e6d517b7b9eaf0d150492a81f6d02b16ac1e03a346349a510a485f07a63792

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f595d446bb6573dfb759e58e241b8887
SHA1 7a3c8e4f1efad50e146e2b8b3a3d141938f3f7d0
SHA256 b7a0e411b4405a6a114075b47aede4774817be6ea873bcd56a026714550e667e
SHA512 ba84b26d6f207ce555d89a2c21d875bc846254a88752be32f66384ff74848676f4025a83842b6a82dde4dca63300d53a50e032f3096cf21e7c9418ef09a82da5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 de0101c9da168a4960f4353f9999f838
SHA1 cba1bbcca61cd6007a96485aeda1bd734481fd67
SHA256 b5d1fb51ddc2217a4c2b06193e9dab7cedb37a96b90cd5d544390547df333da1
SHA512 bbe4e8e4a3858972af16aa69d59a0c8a48a34898f34c077bf34b472b04b54862f62806aba779bba2ad0295fdb21ebd26775ba52977a2c9225350bd485ac5e400

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 a127a49f49671771565e01d883a5e4fa
SHA1 09ec098e238b34c09406628c6bee1b81472fc003
SHA256 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6
SHA512 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 368050b8871b73c9795073699d26799e
SHA1 25763dbb7bb4e3d7d496a62ce258af48972d07d0
SHA256 a7d614217a4ce6ee94718785055d9d22243625328e7ccdff3092e69487d7da91
SHA512 d02abb37e225b0c40d256bea702be1c1bbb8062d404e9941baa3c87525dcf88fbe57b0cdcb9cbf28df6687eeeac32c7a1908567907ac2a0f19798eed33a32a72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8312a8a8-82d1-459c-91cb-16805b75642d.tmp

MD5 bf486adc0f395013867449f458f23715
SHA1 965dec3cc91ae932f3fcb83c8642f234f16cb3a3
SHA256 995eead9e660bb3ab722abb989e3b2a9bd541384b4a00d0082a7fcb825db6e9a
SHA512 6d3ab1471f626110177cc99553aa8b1b05ad74d3663dd8e6a1898ef762c32d6a068f268642f40821be85e5ead59ff33bfb6114a234dc8bde9d51d16acf6b66c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a3648c69cb326171a7520833b911c1c6
SHA1 e7d40707db0240951b5651ad35123eb2582dde39
SHA256 d1280653523af19b001db8990772a145d55a01a77e187e59482273fe5a6762cf
SHA512 6fffb9e0e3e7b4a7f30a1fa8d49023ae4beb8bc7814e760d54e9f3d6077357e8632835ffed3432e182fc4d53f89e4c9888c6cde2ebc4804cbfc48439b92303f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 97d4503ed87b6832b37f69a8e24fb764
SHA1 4c9ffcbdde9f54a18f73c85f6768029ac87ed761
SHA256 5a511d346aabdf94931300bb8c0c3622ae711a54db121ed0d2c9d70b1bf4a587
SHA512 7337c5a9aec97327411f5688cee6d17dc7ed5df8a2666402a81885f5ad360694e05827be5f6719077a85eb6bfb2997949fe0410624171afeab72c926436e8996

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\db4f8c37-83b6-42fc-b1cc-2c75de94f613.tmp

MD5 fe3b453eafba048c8fe235e4e0b058fb
SHA1 c1678581bbc4eb3c0d059f6f482629ec408b0971
SHA256 95515d96423ffb9d3951e61094278a451cc57cdc4d67300a1e77ac46b0a353dc
SHA512 cd2ce24fa4488152bd78e718a2dd469c353d328572b8b21f687a5eea38237d43131656a2961e84e357e842f25491d3f3cfc259f06da199cd0507fb3e983a547c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d

MD5 fe0d5205d7ba0c2cea00dfbd2d5b0235
SHA1 40a233eb9f9376c19e9ead15ff9bb17588846a37
SHA256 bbb07150c9b4bb99294beca296824c4f5093b05f72b328296603ecfec07d514e
SHA512 b5469205fdeceb930dfb4fc170be38e5dc8c35a0d78a1171585b3d38fc00a5ff46caebfabfe30f37910f5bc52fa89a3ff8d365ebe26731334fcc7cb2c6d5a29b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c367866b247521b08a4830d9e7f29d8f
SHA1 552dc8a2958ef984b5440e61f7f318c6ecf28444
SHA256 11f3a882b216fdd677fbe41ed6a9d41e27347d70657ca96f83523be1a9f2bd2c
SHA512 74be5b6358e330b584ef68246e03fb8d42f9b649736c4aca6e1dbd8b260db19366024fab2aa6d26d46f5de4e2697407a060627dddc9081d29af86b18d1e1130f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 70400170e13a6ba6eb1c5198bd95ed00
SHA1 f04edd524728a1676c8cafe837a3ad9079d0d1be
SHA256 50df661f809b827790881f443553e8435a59f3a4aff9a73477db2a914b0ee7b5
SHA512 134e6e52e7d960073f6ad618a05139955b16fc7ab4a797823faac4ca4c7dc8e4916351186e3106ff8093b6e234c9c5fe96710387d3f6aab086b8aff0483e974b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000071

MD5 ac84f1282f8542dee07f8a1af421f2a7
SHA1 261885284826281a99ff982428a765be30de9029
SHA256 193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0
SHA512 9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\db3fb09d2e702930_0

MD5 3bdb6f9d27c8330266b7d159cc637eb7
SHA1 7ca97d968b3d61e356fa4d8a51bdb0c6537afc8c
SHA256 0017fdf2c8205db94dbb7fd5b4569bae3d09d44818c1001d5cff860774b9a736
SHA512 8b5f3b568ca52ec5929394893c882c6baa1d080e6d7b2f44e82fd68e2f54c7806c028d26691d5e8c5601ab001e6c80b44d22e251e31c81c04f0566aef06e81b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6e820f09a4d97ba6_0

MD5 21fb02216396631165605f31ccc6cb80
SHA1 9624f0b189d9d909fe888802fa09d93c94790544
SHA256 ee5f2b9ed839a6d7582d405072b7dd5682fe65831bc915bc22439e5096573574
SHA512 a0cd98610599fd20c6b7e4ac2dcf09740a8ba2efa1b583303a0fbf606e9c2aa3f48e97cb269b8cb049761117c25581b91df215003e0725dbc18980ba651ea206

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 3f87826a89c7ff0c26f14083b3d6891e
SHA1 c3bfd4f138c578d80d6f5125e8c974d92047c577
SHA256 0d8cf499eaae8bdd9ec9a3b969625c7b6eeac504f0a018c23dd5b4ec20567e09
SHA512 1173e5b246e7a31d60603531a7e1628289b593f6b7a22ae08d2fc8146bf4a470e3862babfe6510a93158b9dae2639f45fbb6b72883c27d1dd72881b9e99da5b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\79d7b9747fa2bfba_0

MD5 16e9a767a1b0eab38f30165a7ad554e6
SHA1 a6c978d6d4fa484673a9fe687ec00eeb7e7fd2eb
SHA256 dd0667cea27b6f074ff0f62903c3942008dddc72d5ff28a73b3bbdc3231ba006
SHA512 2b292ee7a08f2419b257697cefc7bb52f6f3dfdfb2030b7d077008d3586c0521f7e3802fc7f63d6e36dbf522313495ce003c9f4fcdb0893dd7ae818a26dd2ce3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

MD5 cf989be758e8dab43e0a5bc0798c71e0
SHA1 97537516ffd3621ffdd0219ede2a0771a9d1e01d
SHA256 beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615
SHA512 f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

MD5 bbc7e5859c0d0757b3b1b15e1b11929d
SHA1 59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d
SHA256 851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2
SHA512 f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7aed23d576967968_0

MD5 3d66d3646e908958ef6a4728722825c7
SHA1 bb8ec7cc9c93199e3bf664fc7a9c8ac589540b67
SHA256 68fb5dce213946eaada62ca577335bd68407422912bef75c7a2325f9f2d0829f
SHA512 db3b7b69379148d457cbc907c7a8a6f9820702c1296169a68f18b1920fc47a2480fa18d3fe3fe4565a0f3a2e132751f90c82dc0d161be17583db33959cf3bd1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\20306d17af3f9e23_0

MD5 5482682c5c3644431a09fe18c72d446d
SHA1 2d6d0bed10fafa72636df339d3c003587c1898f8
SHA256 a670aff9d9efc8d1f43073d9d01ae9a8f25dccd174671868cf9a681f442c61a5
SHA512 6547aafd690174848f9c9a7005c3c68f7a9fea4eb1d3229b22eb940165b1ed74e229a45b9d0eeb56b1d6282cc562ce1a31303850a13970cc67dda8207e4c0551

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\df53bad28ea1e322_0

MD5 d5a82cfca5c1fa2df56574b8186dfe93
SHA1 f052d7bdd59c41d36da8d9623478f23821db4ada
SHA256 423040b2a65906f5944559d59ab43ef368705b659eba7885d57daa45b311e445
SHA512 f1431d26d7d8b80e3e5b3ddbe2332b9ed5802f7e39d67ef0edafcb29cc2679f55f44210d159732ef076d7a7e7d4500fdb3ea7c1d9be6717e62cb9b2c45ba42ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000089

MD5 c18477d1f0a9d6b7f25fd3c0a57b58da
SHA1 acb5678eb73a7a2a629b3e4b3d0a720e68fde83f
SHA256 f9dd1c2c82375ba3fd2da5f4d6a50818d13222a6cc3b9e7ac73644adc1c616c5
SHA512 4c4e1700bf8134f77644737c3634ea9b972781139b3c5bc0d829d61340a46ee1f0df89dd555dfd450b32d6fc5547875560726ecb9dbb3249055b5fa9463641a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cd6dec748d49f12a80a18e4ed048384f
SHA1 165cae7ed1acd5734d9aaa213b663c94a9589fb8
SHA256 77149cadaf5525aba195479867190a3755e29d46b774b25b946e2dc4fa9a27b9
SHA512 235fc9f478b5a771bdb9be6862252d73e07d2d1e8188ebbefae357f4cea15a2d19a4b9b9ceff96033f70994da11bdf0cea9223f07c43fb6d8c47246a7833d7f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\37562c5c-f83c-4304-98e6-ca7f5a82492a.tmp

MD5 ac0a6f96856f800de15a0ad99cc2f461
SHA1 1188e0bffde2da07ea21802741900cb377976332
SHA256 ee97fdab2d277416d6f30c4bc1d3b2653c5c991a589c6ce09427663f629e4ea2
SHA512 21599faced9fc13b589111bdd91c7cb6c7a157140d8cab8387715f67cdce8af21605c9fbbf4e091309dc2c7bd81c74376110feb0f58a45f77d5510d953a1a7d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000078

MD5 8c91894fd272a1dfd4a217aaf99c563c
SHA1 040b39490edeb78d79d05731963c564642fa0b6f
SHA256 ade54c249722b24c1b74b20616c656cb79f3932386e6da33d24331e4180cac23
SHA512 223901cc562d36501f5c6fa3f44109f3ad46e70a5027a89f8fba32f0f2896d38b91fae981493a64ac454cb0f995a671ca95ea88236f20efeb884537d1e778d0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 2e0c50d85d85b99e4ef1f44638b50676
SHA1 26b94de2fa1c45480d90e82602317e5f5c9b52ee
SHA256 67997b2ca1727a12563f1a1f74355321db12fd10d05db236436a233465a27612
SHA512 303c04a0eef334685bf84e3d627e6893234eb94558b23bcdee81e376b3f2ece81f4c3b5c7bbb2ed27619d4b8bcf9613607819981f4d100b57bb4abaeb9f7182c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e390f250-aa58-4994-944a-3756cfa8d84b.tmp

MD5 c91ff9b196339e9621759985cf1db99b
SHA1 13c686c0b68537759918fb9c9b7aed09212bf823
SHA256 b79ae394884dfcdbc7259c2d3bda6663500fff7a9e7adcadbdcf3e54891aa21e
SHA512 2c175ea832ee510ddaa61843064679fdc17d486dac0477dd938f16248fda55993f8370b0b8afd29fc8b585ad6a9e4772f318bf536a3efeb2032a07f66c39973a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bfdd78cea0de7ca26e4080c07186c8f5
SHA1 ad964b893c335a3fd473179427470e9a14ecb2cb
SHA256 2eeb2c6b291a1b429af86c0bfe35b55aec8bfa26121554beb30740f43ee6d423
SHA512 c553a7168db550c70938f7cfad2a922025b44b99f6cf97e781b2890da817158de35524a316ad820cbe15a6b414d95502fa8d2f4e8f0d415554589101bc002164

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

MD5 ff020a23ff341f39685184ab01baa474
SHA1 de7bd22dc4040ea4d54fea595912cf7bf06353cb
SHA256 ca017a61e42cb8e74a8307a5c0ea3e94ea4c2c3a4e19e040b8e2cadb5ece9945
SHA512 770c4ac95226016971a4159200c4d8d5d722089741eac73beb49b9eb1fb99a424de12bcad6fe8b267f519b72743a2b98b32253ea07e999afc949c6e19a14b1f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

MD5 a464e92ca78ceb6fa320f32dbf6d72f0
SHA1 b338fa47b6ee84f04a04fb0a8bc5f163266f996d
SHA256 d6c97e3110a7855f145fd5a1a78978438eb88ba6037670a51c387660d515ffc3
SHA512 74bf7d4b494ffafa8bdfdb15958aac21b9d15d4706e9fef5d2ee7146e314665a2330f0847206cb0e539d4725da4705c501834f4c3651e49efcf53462d063ef66

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e9a9eac773b423b6_0

MD5 83eed36f37a9bd9de022b7d28b0ea2aa
SHA1 79d29ad3053dbebf7d74fd0a9182333e4e2ea0a6
SHA256 282a52fff9b459f26be8bd4d24e47df2b2ce1b3899f7a6849a629e74d3dbd770
SHA512 ade5941b18795241526f2b5fa2e3f5c7d10fb221126df6173fbc4e2f1fcc11a385179869735816ad583c87dcb43fdc40d047cee2858336c746c2e33eea1aca7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\693ef6237f6088f6_0

MD5 5fc3d3f69ed09ff13dea4af357ede9eb
SHA1 34168e98afc452db9805328b3ed6380efd65f67d
SHA256 fb4a325c569f1081fcbcf76e5fac3665f48302b268e0f8cb9768f06fab9d08cb
SHA512 8cddfda9ecfc4e64356b1efb434b8f52fe617dabf8ef63096341f8c599bbba74f12b29f4742b50dfd1746c7f5d4b9d5b6a539a7276424e124b1821417249c9db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d368a4e191441ce9_0

MD5 e7cb5273cc80430e93bcdfada7df7d41
SHA1 ac498ddc84bf31cb40e0ecc29bb320754c1adab4
SHA256 b1c51fed4a5be6ea35ed81a08066fe15ed6a4378f50060e87f23ecf1a5c8ea21
SHA512 6bc7f100549d95f88ae3b61e719636c2a703486596e91c3cb0392b095b55b7a0fe1be3aacc51fa694530f6a9fe335e413b3e87fd229f3c91ba7692c074077c6f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\26ad2f9dce92e37f_0

MD5 8353284b577c929bd0750c13600bdf84
SHA1 467e2a17dd4599ecf4d5225e134ab0ffc5de414e
SHA256 eee73c59aebb2f80e4a08d118326c711370ec43e8e8c0a1fdac9b1759470bb78
SHA512 78ea471343d2d1e06a5ed7f4c8d1ccdce00de32b83a9bd24c6d2bb32a4cfebde27fe2f770c63fd82fb86f50c59c153e59c077e8a88873749031ae788caf633e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e54b6a572f4b4b52_0

MD5 c509b7ad813cb7e57c2c1ae0eec42cf8
SHA1 3b2f09303c18b288816585c750b2f06263af6d01
SHA256 ed6430c483b2ecbc5f4282ffa4d42af92ba8939d28fcad5e707be3fe1299e497
SHA512 2da79c36d224a5eb61a4cd77e0afc3800778025947e6f0c47f56e55fd3a4a1ede92c5a558e7966b8886e5f80646bcb6552beb9a06956022a1a9d65c3330c6495

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8be4ccedb1fbdfb7_0

MD5 e1ae97aecf05972768cfcfd4ccb1a5d5
SHA1 f82a1a5b8bc427d1dddbdabb98ac862894923e4b
SHA256 77bf8dbfdd2eac5676b0fe7b9ffd15ed591333133fed48ccd8a95ff44a451aa6
SHA512 8b7157c1c599632028dd92fd534998e7f35ef03fd52aaeb8b2ad9dff043942315a9711f9ea9e0dce324e0230ccddf37a01c3df270eabacaaa8029ef695cbfec4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\70b97811cd6dcb3e_0

MD5 9c1ab7a8d1232278d7a1afd7b16a9a5a
SHA1 e8592c813fedb014937439614d498ab6ce597822
SHA256 a24bf45b0ce5b7ab4fe3643ac149dc413c7ae822e282ab2763b51bc736c5da97
SHA512 7046bb158f91f3c979ff428a6d8b8597bffd9e38e70ccd919438216894b6848490bf28807e2e9c92e7023b32ee7c5c30cf3f28e64c39cea133a8423941b6a1a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4da1420221cdc423_0

MD5 2380b6c235e47747c777af3964fad7b6
SHA1 c13ec93dc34fda279cce03f937f6081daacbbe6a
SHA256 b908c5631fa95fe8161ba1fef38604abc20b12590d37b8b6b347a611c1045e9a
SHA512 f82f1e9400c6bc974ecb63abbf513b938aa754a8dfe1aa15faea70f0339f6ab8aa29ba2f9f0b49e557c8ba46689b032547646e2ec9724f15e8c245b90b72cdd4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f27bbfd21c2c6b77_0

MD5 edad87d2d31e0f75e2d821d634584de5
SHA1 745750bbd067ee562840b17f86bbfaf81e71ee39
SHA256 60adcaf6bba8d70f0362727cc2a15a20a5d0aefeeb3ee4ea55c790c7872bf9e7
SHA512 4b73f28571e6696b5d5ffb61fd2bb7d18c6ee43dde8fdd8fdad4d70ec24763848acef8867b2a31643223534a265898ce7e536350e010ade77c5170027c715dd9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f6eaceaff231a835_0

MD5 5ba8ee56a88654d71aa35c0990baa4d6
SHA1 9151dac0cd5ed278611c5627b2b666f5eac75f9c
SHA256 b8a3189a09d2f8f13e7cf8113fc54334a620c919de917f0a09da5faa8224ceca
SHA512 4bcfd8a483281a9b5fd5c6b84bf2447cc73d4746a859399070e5966e12cfee1943f4c7dc43bed9735dbe2d86c4dd2bb3bfb26578aa1d2bf2c437c4a2a76ec9dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9d12e889e39d1e1b_0

MD5 7b39ec67b537fa3fc7797ac16a997eab
SHA1 bb2bf99e1dedeb2c72fa9552fad35a9659f3c7fb
SHA256 5aad7c8fb0f52ad27accba96a51c32d91a6b65652f920c796534dad6b83d1b75
SHA512 004df3be9dab34b9d6deb99c00f72c882f5a9e03780c86c79ad297dc1050594a0cdb103d718a5de2e2c9cdad2e7b076ef6e9e7c40fa3f74f7d98cbe9dc6616e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9415cb8a139b568b_0

MD5 f3adee8e973e4bd3d49a3379055d32bd
SHA1 fcec1df6e0863df74adbf1c190c2079bfd7319e9
SHA256 802e0dc573ad794a2753c269c8c95b39f7a3d0a06ea6117c8aba9f946345def2
SHA512 b4414006ee8f6855db062c2c5bbd6e895c90d93544de49d10dd5c2f374f3b587572eea5222cd5d6618636f91d0464bf21fa7d58c2c5e5394fca71e8aab591621

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2d53cc71ec718c30_0

MD5 3e9b82100bc68ba4033a01581135f18a
SHA1 928a7eedc4c0e80c55b58576cf00768a12219d89
SHA256 46b54984ea4f5cdc0cd7c31e2a55f516e8c2dc36a949bfe00cc0475ba2a74269
SHA512 f28c1bfb15da183a8ce67d61fc52deae16c061005ed8dcc46c6bce2c3b19f8b1219a5952d77264e6ef04cdd2974d674081d73185f7d8bbd870638493ca787db2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3e9e46cacf651084_0

MD5 e774bd321bfc6fa915b3bcdb7d814e83
SHA1 aae68d234149900baf900e309077b727acb73c50
SHA256 d3468160cfdf64cadf833eec414c9c7310d9b3e7cbcf5466c0e2c0c6c7f4c1fb
SHA512 e3c45ca56f830ff553529b4ff06c38e13734538a0d5d3684fc8c4fb014063e1218ad1706c4a0edc1ea6fd05ae77a56d392a1a498aca57b735b3663eb9d82ea32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d64f822047ffea73_0

MD5 2d4bd88752048ef1d5d9b937b22bc7e0
SHA1 b2673744a8f05ea98b9ebe8bad06a2f342388f28
SHA256 c75f6ab6e23a9b26b15dd9d782a095b30aa462869b3fff37015b90146682be7e
SHA512 25af675dda1aaac3f82b2a35cc323c1ad6b40983871937590b21c3eea4be300d95a8acaec67d25f4681496c9a4d20e97fac5eb25ce6fe929b3fa778231456fbf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d3e6068678c93f8b_0

MD5 ac1e2e8b9770221ecba5bc563441c1b0
SHA1 7b279b288ed53c3df35a69aa0af00fb80e5909fb
SHA256 bea71540445893ea02fa2504208bfa8066bfaced895093e4481d6d3c4174fc24
SHA512 9a733e4ea2321d66cbfe8f11be93931e7d835afe326370df95aaad3954206e992f1e0d10aa9b98723aec9dae2c04a30f336144ca7a9f9a91c16b6a1c940ea021

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fe9ab3093c5dc7c2_0

MD5 97107dd72600bd48689a19be0b02c808
SHA1 3b2d147b4443bfe9dc3f3b76679c43ddd5299405
SHA256 90ba63b6641341755c986aba84dced47e7b68ca4dca1c36514293ac65f220b49
SHA512 7039b873e470d7c9014a0936a8da8fc81a2569583ac4aa3110a603c07420dbc93bdddee19b59859884d7098207fbcb2edf9b428c84fb9e8907ba907d28f956ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\29905953d9553b50_0

MD5 a04868f389e3173c34a060cb6d2449a6
SHA1 ded9ad3865dd1724b9e0e6117b5abc50e49f930a
SHA256 5d9d1011a8c53fc4116a63de876ee8d62c105b683ebaa41a5e3205fea43f0dfc
SHA512 08943ea78fc53b1a50d92cfbe8a30a9e6e16a6a4d684dd8fc23810b2560046f6bc0e09d16922828cbfd3936c6bc57ed276872da46c95d95fbe6998dadeaad88b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4cb7f1c3dc82553d_0

MD5 82facb42e9f44996c60a0b50531b31f9
SHA1 ec288af39d7e623c551dc81cc432bc3a51b92fcd
SHA256 03af905e690b40f992f4481db16977460511c2b16a77a19e2de566bc324d925a
SHA512 a962fc2e2f87505b6c82fd7e9f838202176cedcac24b3e07036e701960f16e1a3696b983076b7ebeb4b6db82bc12b13a5110afbb4d0cdd832ecf85625c7718ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ada99723fb940b4d_0

MD5 75a84bdd521c4f1e35c76dcff480a05b
SHA1 a9f760f416ea622cc8f6476748a7e482744ee72a
SHA256 2e9ec835925e833d56e3d1e874fb743ac0fe39fb90eee5ee6fa11c565477b31f
SHA512 653ab3f1715029b18e6c5969bb044a698eefed89aff332006b3bf9793b0d3e555eddb06d0945215cf442ae872a183205b127d93c0698fbfe8d95d55fe9c79e09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e4bacfbe0da3dfa2_0

MD5 94ab976ab88ee8373f9b953671ae6867
SHA1 dc4de8690c03dd4e72afa65de9fed90731eb4118
SHA256 94e0158c68e8ff217cb59909a98172ee28887f66a0b5f1f0e15da437181f856c
SHA512 a11b561eff53f0b722770037e1129411219ae8bf64f74fc9c611a6141fb5c2b6cd2c585c79aaf7299380735fd9ab963a28d62b4188f7cc8ca7b37074fdd8f28f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\82fe12d7c5774647_0

MD5 ffa1bb9909ff63ce78e2d5b5f68af3a9
SHA1 c6d06a687f8ddacc0740621b39694988ea79a244
SHA256 a881b1f42d578a00ce006c15f0dd757da9e2cb5dacbbb4defefaf0816b6119a2
SHA512 21dc87b43e808457e49aa11451a6606c8e4a1892efaaa3acb6a5aa05bc2f3007c2be77ccf4764ab77eca27d52621c0c52aafc553b3480cf8076c4c0673522ac9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8fb6d0b6d0a12ce0_0

MD5 7d241c9e5b22f81807c79580d68b47f2
SHA1 06045e85b5ee102992dd4512982d9b69016906c5
SHA256 af3fa2041c31104083b2605c8108c6987cfd653c80512ba36bb6c5d7e9b1c6a6
SHA512 caab3916f08dd1089fe8bfa15ce7ec5aeb1e455592f1ea9b90b4fefb99d548b2edd8cdf763d8a7ffd77b33f466be52db130214bed9066a6545e2995c33a4515c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8082cc7e81da7171_0

MD5 bfa62dbb9697de69db9048f60a2a590b
SHA1 686cc17568e1bee00eb126ce3d274dba712d6e1b
SHA256 19e0a1a9572e97fbea2eba74efd0d9f088594b07f11f818c9b2706588ae433fa
SHA512 d209759811c75901019486ec150eee537274a07affe422f0df2791e7fec9eb7aa22c04beca9a7dbe03df151448838bb079abe9e0349b393e4da155aa75ab2d17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\13fa039c7b8f70ee_0

MD5 7d11f33013e01e71ed358d0c093e4303
SHA1 a068c2738a7b5e60a163bd5e99ce49639aa01b9e
SHA256 20575cadf2b2b9311440f50c72940f893965fa6f0fb8e890bb69f974d73a509e
SHA512 9015cbdeced5a47967ac9f3d59337838e4d6f6ddf848c01b3e8d015f71d13ff06de7fbdbca453b34c401f6900d8c01126b44fd63d0b4fbcf7ad3d7969156e7cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\53a52e2ebed62e67_0

MD5 6c1594367126b4dfcd157e8fb6bfa9d7
SHA1 eaf23503406005fe767280fc8897e288cd636145
SHA256 65bb6aed3f19c51bdc99d7e72322f30d3415784851ae1c9ed0149f600a1a0a47
SHA512 9d4f22daeb4efc39272216cd3cd387cef881a97b0e71a0d3f848bb485e7ee8acbe0982d2ec58a10ca82f11c8367f5559d1eac0ef000841d0f5fb3716e5ccbcc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\37e479844c19ac3d_0

MD5 9da699e335e37e5e8d8e15cead05289c
SHA1 c97035033cb92673d556224ba278d20254119703
SHA256 2ae830f1e74509c5ea8c61e2fc8543da700f46252093e3bb18a056fb55706dc9
SHA512 fdbc6bcb1265d575eceb40d91cd0affeb7e0b01c0e20a93793e8b745afdd4d464b0e8d47b9d7e64f90545aa8cff8c4ff77f44113f4c3ceef82ef16eb959bcba6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9ee1814801b7e1217e3e269919f69de5
SHA1 3de86b5fa68ca50d4070e6a785b3d0cea8333d52
SHA256 069a8cd80a6b911a0942355ca4dc168d4cfc7e145cfdcf71d31996179ca353d0
SHA512 b08c8a329b0778158412a239cae47190739588555187ffcdf83b1b075e708eb5f2f3c8ee55d0b92ea6f57eff425a08afa51654fb09bb4c35206b7f815b592133

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4c5ee3e7029a796e5d77cc1beb06e403
SHA1 1c90a9a1c2b7dce8811168c619c13b8fa60b7135
SHA256 1a512a898ec37b3e12b849370c18f387b20a9cc4c0d3dbdae021d15311c4c225
SHA512 e7d1fb0e6ec9f5f8113ad9c91788a306a27d272cf91528a4d3d0929a800cb167c2f71b551bed8461e0145d03f29d5c5d0a1a19c58a13872632590432027e311b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\47882720d0eba4dd_0

MD5 10d47ba957966877fbfd3164dd93ee8e
SHA1 a312db11d2e07f6f7a92933d69eb99547409d9f5
SHA256 8a9d738d201388d1f0af12066a8e003cf7ea14aacea322375308852cae29d9a5
SHA512 b3180a65ba4b29b0dd6fa7b43cda1388f40e6a9f9472c7e703e8504ac5b4c7b08dd8c2148d6d70f2e0d506c30753f139d5ab45d690dac3c71ea7dea6091f96e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ccea38d19616e848_0

MD5 1d0495a07d053f8c75b734b98e62e521
SHA1 dfe8747f8b970fef1195a665aaf70ab9e28c7fc6
SHA256 4a14ee25f0bc243f67f1c33b48b84f2b54e8570752476f73f544865c2d69d611
SHA512 922f8f9135012cc0f2517bdfb2e05e9fe27cec2bc5a9113025cb196a0a8e53784c8ec9b253be02cdfcaa6ab0251728c84a06a12de39aad21b54f273e0f7f7c48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d24e73ed74d0bb64_0

MD5 2eb8f040ad3a77f4e17ebc31399a10fa
SHA1 8fa03d398ca45493408b942353cabe7d47111f77
SHA256 8021a82fa1b91a183e126dda8e6bb4ae52207991b50fc4603f763a5ef51613f0
SHA512 8cb17f0a00aad54f64049279363fcbe12f54ab8a41bbe14db2eaa11b79bebebfec9adaf7e5f6f7cba1898d3ba57222d36b926242590a61527747578fdf95ad19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\829e9d52170cd37b_0

MD5 a5bb89f5535167167b006cffaeeb0429
SHA1 a0b17c086e0ab9e701bfe17784ff1dbfc3953308
SHA256 d34c1229b481e2cd0da0caaf979608e26b723e9248c3b347b962593295f32f3a
SHA512 e5fba636bb2598338564d807aa0c38b1e7f50f2d55677de25d286d20a15723655f15ca696f9c412546f7944224aac3bafd809b211b5f188825c8312f303e2ce6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4ee34af565106f44_0

MD5 50b7cae2622948ff6bba07990df3fc22
SHA1 e407a131b87cfec5114bd229c4d0510fc679128c
SHA256 8f65ad6379320e0ddd864305f08985593d9edf27e385a4e9808347c12330c8ef
SHA512 d5366219ec42602303d432fb6da9350f0b24c99de8578dafcb203d0c0170fb8711546fb4ead7208951c029dfe2904b045b120c09ac88feadf48512675cae36a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3821427eb1608eca_0

MD5 68fbaa3050022e60963468ce035c967c
SHA1 ad9226b217a7ca83c2ae6fa06f9b7d2a21a65130
SHA256 cb364774dbcd73e4c4083c4a5e3e77510145c8b25371916d09ed3745785c7cfa
SHA512 58dda0b221257c8d141092fc8f61ef287c73865d826182948d2f3fa0c36604a37c3cfbdc67dc92dbc09a9b96c1a5e482b667468781f25e705ffcc6765113853b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d9d0c91544146ee5_0

MD5 6da13987b500e070974d2f97dc453484
SHA1 adae8a91aa926e101adade3949faeb4cd347d18d
SHA256 cad866e0f25860f3153cb060f2ff5028e36781cc4c18c05be37b761ce51ffb65
SHA512 db2b71895c5dc4a7ff530bbe067a97a55700ace30c3afe380765108597254c73f65c248046f5d66db6ec2d5639c806699c77e0679c02bd3434b90adbfb23552a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0a3d6e445aa76e89_0

MD5 190b5d4605772b61be6254a130bfddc2
SHA1 0184a8bb89ac977d5ebd206a650a9fa127f13505
SHA256 5f8207fa9919157f6bd3c76f470bab3ca7440e9ea9f63e197fbbbdc33ae06932
SHA512 baf4deccaa6a126923bf565fe9917cfd11e9df62fbb3dd1109772fd62f5d8c76f5c0d8608cddc0f7b17a62d5ece0efa53f6eda587701db2448dcdb1630d4e873

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\04e1bbfc486eec56_0

MD5 1b6b34e776883dbc72aa0a1b70eca42c
SHA1 ca32badf702bd4613d700271f27ec9f7822f01c7
SHA256 4dab0265387642af2f96c07c2b5871d138df02a820ebdf9156e40eefa5f6c34f
SHA512 3d6c2a523173f7596571bce2a04067baed65cde867069bd279f881bae7f113bf9528db5bd637f6f5af2ca7b1fabf8d47063ce6370817f75ca2a9c01c8d7cc1da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3676ac00f8f874ba_0

MD5 191f7413288f1ff22b6c4f8be08d8144
SHA1 a893a0e3f4c82724a3bf4ab54c90a5142d33d1c1
SHA256 8a0ddd2e9be096840830e6bce41863ba4d0246363d71bb26c37d78dd9c9a1bcf
SHA512 3ba479553cff48e72ef70c9d6804ff3f543e2ea018394dd5832c77f9284af48f557e4e2b30297f5f3d39e2ad85c048b5abb71e605b65c787a9f63350323ca80f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c3bc3f9b582bf457_0

MD5 3377b7f5d8c6efa7a9973f3be529cdbc
SHA1 248808877112a59708a204c19c917e1e52f4bcba
SHA256 a7a0343c2b4a27aca8406a9234021037179cc2cc891d6a044d129d811d289c0f
SHA512 f0b18f843e542b7248a3ac60fb5b8c64e0c6d85fa6b7ba170f7399d3113d2ae1005ee41b0789bd3f43f2637023ec4f31117a38f4a70bb9ab8682ac60f2cd617d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\698b1b5948f5c3ce_0

MD5 cb7b55abf9d50dce32599b3f79446b26
SHA1 4f57e6bd326024e5d29d3e74b9ddfc46e383fc33
SHA256 7008d29a23a625c944f4b71317c2c12d71cc3889172a2df774c2750b0db5b82d
SHA512 966ba177b61a93fd36676bda3f87b8d05e490b615f3813f98d09ee7f650f5bbd3d780e8253610e47501974d9344615b79d52e97d1a81dc0d57e8c179f6bcdb4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\059d9ac87a9c8669_0

MD5 7a595fdc24cb5f9fc23a2400ad8554c8
SHA1 0f78c60dcc8ea8565893dd6710024f08ee5a264d
SHA256 ed3ee2dbef0a39cc8b7d1a37d7609710a052a491fc3bdff71c51cda64ae6126f
SHA512 c4a4104900769b6bd7752bdafb2686149904a6bfe3300b113d573163c397b22a5676e627c41c07c5e00bcdca0f304d6be126c9c5360b2c6a84be8ea286500890

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bc76e3e01da8a34d_0

MD5 1d6e83022a905986cdafe2cd5fe8fbed
SHA1 e8e08078748d414f0371fb75fd27688b9dcf9803
SHA256 4cb982ef3c0827a14b08843dbce5a4c374d7843db0a79dba6ade726f171b5785
SHA512 024765ba5001ec8cb3325ff99d6c1db528beab4bc995d68aa4d41c0b165d24cdb6b9a8849d0ed32301d32052339ee996ae7ea9caf9ea8f52fa0a6fa286c3b8f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ad7837ec850d221a_0

MD5 d40aa815f6c32f7641c49645e47ff8d9
SHA1 64cd54ec9137d9f454cc3beac2136bd3b949799e
SHA256 9b5690f09e303cbd9027a60765eb14d4754100ca31ff1e9cf0d4c859cf32f41e
SHA512 3a0671cef50ec9bb5574a9be13ff3949f20369a009ea15d1fe234f8258319c8addae366e46ad0a5af70fc6e647d402c5c75d040d4c11f78f8142fc9fbe04581d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e087ca4ff93d81a4_0

MD5 f0a2e0418c43852ac83fa34c18fac7ca
SHA1 dcc6326c608b42e8a67a2c03ddaa737d9bf91de7
SHA256 d5b76c9e9a8e7e935838bd362f31a2a48ff79689f124d80c93bdc013d1d42ca2
SHA512 04eb38d130d171208d2298f84e07e904906f42647a979a6d136dc50f8d469fe53a6ac6e4e20bf91f067fc3f1290b597b46b08a97b5ea6ffdb10fc067ba9a3f03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f81d81db6c99ba78_0

MD5 80d76c6b8d85511080e18b973cc89acc
SHA1 bb7a58df56928fdc2c678d449b52afc58ea27f07
SHA256 a4894c76c92b0483cfbf2152291cfef0e67897ae6789bbb3c923312c56a046dc
SHA512 9dce09cd291c1c075289ae518ccdbe102affb540647f7d96cd07b0d72c8421b77a86d46022108f1f6a15a8336392116af58890ff339cb18bd68784edeb55904c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ebaf3529ab6762ee_0

MD5 64049aee8643ce07dd2e7c3adffbdced
SHA1 849893bfdd43ceac05f4acfea8d6335ea6d768d6
SHA256 87af332e9429ab0865cef1a6a914aa004346de3c5c03eb1011a73d72ef8da026
SHA512 3cba7d9f07e57e887ad31df677460a6bf2daf6fe75fd10b0c1d9882160871e8b038be847209ef57de24ae88705ded52faa2ebbda9897e5e228c25362655ac1f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9550be5537f85f52_0

MD5 6cc58bb1fbda1acfceb01545459b202a
SHA1 87d2960f493002af503c0840b9f4670001b35976
SHA256 b1751b0888b093dff1ca814b32ccb1633501e395f867ff8e0c92254c1fcb7465
SHA512 bb554a05a0e9e3d0dcdc7212e25b6ffa989dcde4c48c0fba3e01895b6742f8bb841dd92bc0bdb18f697290d10a4917715d1be46cd7a902991047dbd6adffe856

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e54d22dfbd1448b6_0

MD5 676fd085275d4ad6cc8679d4038851ff
SHA1 ccd4fe14493d3ae69c8c22ef5b7abcf6abbfcd7d
SHA256 fc1d728aae906d0406a43af7197e505b263cc79cd5f5ed19a0da0e290b2230a0
SHA512 fff30441b5e9bef7293978fe92756959084f26dcebefb88f8d7b7544ce8d66878d534ed8b3388a567b10256f795ea086046016c438ca16e8a799577dbf90b5ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a1e27ea15c1607a2_0

MD5 dfee7eda9769981cbb27303296caeacb
SHA1 0c8e2b83882e682577810e221c881320ce91ca94
SHA256 dea02243653e9a61d3df13931912b60e723a343106dc085d447976e1740d1cab
SHA512 10e00103c5e0b7f503589dafb90eb353ec57667b3d7a0c2e97bced5cd0c46c4eaf3a046a2756f172fe62351dc9366d4e54137b4e3e78dbc227ce093ec4de5783

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\86c93e2b445fafd1_0

MD5 655b2fd697db65b3fcfb9583e5e8f016
SHA1 8bb3429564a56cec02186df942131f01eda6c079
SHA256 018bb44d55e3a3079a7f819998bbc0c0597eab6c18f8f5ed790a46dacacab268
SHA512 fb98c56ff3231e8b79f6194af430270d3822f398a701bf987d212bc781fdfcdd8bf7fad35ab3275496c86737eee150117d9ce9350b71028f2828662e13c4d181

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3a5983b52c861731_0

MD5 d53024c1ae1b2817680c8f542b1794a3
SHA1 b6d920f132b6054b28ab8d6861ffdaff5de0bdaa
SHA256 02c5176a902d4a3a90d6e7df0cb69a42c8282860a9b506eff49ad88a11f357dd
SHA512 874afede2b477160e5acc8b7eccb3f0f06fad0b93c0c13556da03c968c1b1dda293a3cbf93d34b05ee08035e180b84f3e3fff4f564ee89b9f2b4cf3f0a84ce24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\acac4e8020972ce7_0

MD5 62e2cd42eb4df59cbfe88918719b1417
SHA1 432629c11ec00fe718d4981f13ba5434a883824b
SHA256 6cd0c82e8a2e9bbcf2db4f0f640504eac4d764e69aec90d5dbb69fcb74de21e2
SHA512 730604cfd4c773397e7490b7df9f3ef62799635f8a73c541d1ac95c8704c324b0baf40e7d8930e7faabdf0b729685ac1f8742a7055d7b0e531b811df9c2ddd11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8fe32427d3c908b1_0

MD5 5bbd8a2c797aa7ebaf8a9325922be92d
SHA1 012d7b887523b2ba697d34ca1332fc9eda811a5e
SHA256 2adb4ccc3a649789a100c912377510880261169ac1e2e1810b345dd065418d53
SHA512 b126a05fcc758e336c7b9b4d8d58d39aa17053a5b18c7466aa00f36d6feccada72836eb085cf4815b976d7a89a6d98f1c3c3c83278c84ca732e670d251fd31a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\68f56d8d2f6e7f86_0

MD5 08e49b4487039808d06e8dec5f69648a
SHA1 5ecd6003be8093de5efc77ceaa95efd2dff16e5d
SHA256 9d414840fe827fcf25e19220e53ff6d19ceae14cdeb37e482d22a0bde726ade6
SHA512 9a7e3c702400e13cedc3ba985dffd45cb715d2ed44a970788465c6ba9290e3394e475c34b163a1f73c1b557c3c6318d47e0d701bccc0064c6e3663a35d42edb7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6d23cf61b2188522_0

MD5 57ed80767ceddd582721c0ce72da8347
SHA1 72124d1c30837c464b3071d4138470c3db2562fe
SHA256 b7141107f2ce3a25f7dec0b8580fc1d67f65e139c14b9d39774f389df602a485
SHA512 bfb96bbc3f835c085de8b3ecf605a8a8d9470b9b9922e6ae3d72b6db67fc6dd63671bf3f0b87ffa60ab2b2cdec90efbbb8a434a3a6f1beb3573af70bf7e93ff8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5aa065352c1f536c_0

MD5 5f61541be63f90e13fefc08f9e57a97b
SHA1 af64c7c1a8e9a64a866b54b2101a58c7f2e4f344
SHA256 5bd54064baf23b9bbe7e73580c5ef8798ebeea7ef13147ce479068d0f9f19024
SHA512 180a066051c96f68d9f5fdf2ea1800998ce880636681ceea7064da65cb2df07d5c426cb917682c211e01648561a6b6e7c94da5acdc522672426c60c77e3fd9b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1db6fa5b8a79ed00_0

MD5 1494ab0081059d08982ce9cb1a6c21bc
SHA1 d50caf97d2abbf1c2ff7c66293fd832dad6fbd34
SHA256 eeb534bba38d3a1ab905a6dea40dfc0e9cf45a241538fe24366153cb46106769
SHA512 6c307a1de9fb346ee824a27e83ff2c749ddd25a2355b8e81fdd970081a15d9719dc6abe58b407a5039248b9a737f08589811537cddf12f17fc45ef0230806275

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\11ee0c7337fcc230_0

MD5 f9b0634485c6bce4b133a054f849c815
SHA1 056daf7d69792905d0972ccb49a88a0eddef0dad
SHA256 8f558b5d5f658a699cc90c0dd8dc13ef6c3624b85285e5fe7f1828c7e76bb964
SHA512 758f9e701407786e8f38527104847cf62854f2317e98dd05f512cd6191769511c569d9ad45bdc64a1fe3e39acbad1cbfb6ba0dd481fa39ce1fb45399fcd87775

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7efc05442895d387_0

MD5 929e64e2afc468811e9d1e969cbbd401
SHA1 1857ea6b48cd4dec05503cbbeb63fb62e6a2879b
SHA256 1e18fa48d286ae4b93675fe734415cd5d4950e95903a8aa71caf66865128fce6
SHA512 6f719774817814db440485582d803f9808f37ad6e45900460e6933ac66c8fe516f579a0a8ae74b7db2cf4cf80ff2c3bab17a90926ac20e818cd5b71de1989632

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 889686818f7e9db0b6d58e46e7599501
SHA1 b29211da1297e39b764d02d9724a8711d501f613
SHA256 bcf97dcda42e40fbd9a2074f076241e15cc3c339e9efbac1614353e74d7c86bd
SHA512 348b7978dba7a0d7cdd3d7ae2d697c6fc93fee9ab3bd3963de94b18dac645d88552c75c24d631d431fe298a331bc20f7dec399c23ccea2b3032b1e8052784025

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6ad91219f308fa93acffc73494c2e749
SHA1 63880e2f2a2313b656fb0b100d7beb5889d83184
SHA256 ca96ed35f23e700a398a77229aec1031d0b88fa96c85b1cba0c6b8d90348e5dd
SHA512 3009fcfb4770d8a3a3e7a84be538e11b270a75c4e6e3875f1dd49622dcfb72dcd1f42b3713621d9eefabd27d1e9a8288147df307c2ac64bfc2133a94fda3a833

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 23a11835daef24b0d12d2dcff14787a1
SHA1 dc80660bfdd749698c8cbe8b410798a964fb0634
SHA256 a71509579bd5e303d7dbbbb188f9a77ac3fca591b51aa895dcc661065da4bff1
SHA512 e87947f02bd609453157cae74eba2f15dbda995e2b4644fea530fc22377044d6489da583a8aadf2723c95c078feb9d4d5c1cdb444dd09231cafccd5ae7365043

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f80cf6c48f35bea73968043292171f57
SHA1 abf7792b0c3b7d16d610faff748edf6e79196a8c
SHA256 53bbd1603b1dfc5edef8d2fd3cc52077f548610b55ae855ff7ead9bbf662ec3c
SHA512 21ebb310e8f8b26cf015f601747eb0811c2a6df9d2c2679865d1bec334741be9c961014c44f4fe2cf36744224ebab6d8d6377863ea4bd7e32b6fe9b135b30f70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 292c2478b61c1eedbd41023e2894dad3
SHA1 db7cde7bd90634132a0bdbca55214b22a32d8d92
SHA256 09b009c32ef454aaddd62e5781e9a1670b6fe716f078cd21debf36ce495490c6
SHA512 4d865bd5bb5b7003374073cc8bc84ba3be9d5d8727611e6d4a1c8e4a68380ff0b820e66d44f01b1376381179bce71c4fcf848301adb92e69ce35bd40eac5cb91

Analysis: behavioral3

Detonation Overview

Submitted

2024-02-15 18:42

Reported

2024-02-15 19:13

Platform

win11-20240214-en

Max time kernel

1024s

Max time network

1056s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/TrashMalwares

Signatures

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\RealBSOD.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1454216376-3069400526-304058712-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\RealBSOD.exe N/A

Disables Task Manager via registry modification

evasion

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RealBSOD.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1454216376-3069400526-304058712-1000\Software\Microsoft\Windows\CurrentVersion\Run\RealBSOD = "C:\\Users\\Admin\\Downloads\\RealBSOD.exe" C:\Users\Admin\Downloads\RealBSOD.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RealBSOD.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\RealBSOD.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\RealBSOD (1).exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\RealBSOD.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1084 wrote to memory of 3548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1084 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "1" C:\Users\Admin\Downloads\RealBSOD.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\RealBSOD.exe N/A

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/TrashMalwares

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff890199758,0x7ff890199768,0x7ff890199778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=824 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1120 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4980 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3708 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5248 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=832 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5144 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4980 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5180 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5168 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8

C:\Users\Admin\Downloads\RealBSOD.exe

"C:\Users\Admin\Downloads\RealBSOD.exe"

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im wininit.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im svchost.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im wininit.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im svchost.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im wininit.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im svchost.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im wininit.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im svchost.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im wininit.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im svchost.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im wininit.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im svchost.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im wininit.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im svchost.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
US 140.82.113.21:443 collector.github.com tcp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
US 185.199.108.154:443 github.githubassets.com tcp
DE 140.82.121.6:443 api.github.com tcp
N/A 224.0.0.251:5353 udp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.5:443 api.github.com tcp
US 140.82.113.22:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
GB 172.217.169.42:443 content-autofill.googleapis.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp

Files

\??\pipe\crashpad_1084_UCZDMDWFACFOXOYC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7b80c0353f37121d358caa3223135150
SHA1 db3b69068cd2c5c8dca75ba3c8158a697a221d2c
SHA256 84549aac1cb81e3bfd398467c11dd25d1f2c0bd3e7c3b576001c4e376562160f
SHA512 0af3f4cd3ed34f724e0ca1fe2dfcd9c9253bcce61a2afdfbd3add452723d91c774b0ea4c35463faa9b448b1e4783958e67e76e004fa84a7fc8558ef60590b68a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cfe2f9be0b770a157b65d9790aa8372c
SHA1 b264876617c51089db3684d1ac5535d0617e8bca
SHA256 c2b2ce4f09aeab27e4c0c5cf852d8423bcaa2566486c612ff459f82655501bd6
SHA512 813f53011dbfcd5321bc32ee62e974a74759cd2dc1d130e0fb32cc419a19d6345eed46656313e7967ab02a623a860d4f6da6eed24b538eb879317e53d2b10793

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0f840bacbd2f0b56cb0756b72d45f523
SHA1 972a4fd2afb07a503ee9ebfc3c543b1ab2925eba
SHA256 e7221ca7ed15e583c3fc28690333985dd1010ad97e057f4957f2bb9e8b77c34b
SHA512 fac08c20024a5fc0e0be94bd7dce6fe27ed9200f0ca43878e054f6c40cafbd90df4fbae3a5135d5580770a7d0af1f73be9fd5bec98a6ead5d35ae6f64c26c8e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5c9d252b96c11948bee99ba39b9a5116
SHA1 f0769e7ef02bd7b784264ff962adbdc769168be2
SHA256 2043018399ea7814125c8835c1145f2f789f2740c9ff9415478cc3f883b304fe
SHA512 79a8845c69dda96412b1e1b805ae968ed3f532ed53fc3a7bad81a277b3fab8703a2c812d88f4da85e54f04aacecb98218cfbbf00b3a4530e5140aa3070702f71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2d59db33c38c4bad00c2f3cf92d49b27
SHA1 b712ceb8b4ac8e826068c98063ac19d61a194126
SHA256 1586ffe027eb02825b59af2bbaa53faa63cb2c78d7c19da6b44ecb5878a64bc1
SHA512 8dc679be7b80b8716f3d42f89e85db2a9de6b9153c09c3869daf168414a2c3bfad174d1c93e482db29a73f18d56672effc7f0d9b157b0fd9d2ca1fbf7e0c2d61

C:\Users\Admin\Downloads\036b5568-2b95-4baa-ba17-8f1158a65126.tmp

MD5 1092ecd10230551ef8cc90c32f103921
SHA1 d9c539c583164c23d3f62b9c9e659bbde59dcbe7
SHA256 21e9c64b50918b43b657b4b11bd1d54d70c69723fca117a077ffb38ec4cd5fec
SHA512 4fb10500f88bee5b57c255f8e776cebb5dd99729e7a2df3978347fb24541770a2f2865c54d1cf9989caaf1cb54a43f84fb4f33aadcf5135c85380927648f2b6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6160c4ebf7869a27f0f6de28c2b718d0
SHA1 9f5f4b7b5741cefac185a0a0bbd39140720fdc2e
SHA256 09ca1d93c1d7df7ddf65604c57009bf6283e54ae765b94f17a8a69e36a673a12
SHA512 21bbd231c997bc5bdab4126ad9d04ecc2f7295e892609905ce97bb8731ac26c38a8dafcd84a0cd6014ea26ccc55e5e5e777a8450d030afde04c11857f2d71896

C:\Users\Admin\Downloads\RealBSOD (1).exe:Zone.Identifier

MD5 0f98a5550abe0fb880568b1480c96a1c
SHA1 d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA256 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512 dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ca2b2a86e45329a7eaaa276e3a0f3971
SHA1 8a9d437dc0428d3ade5748536137b694bc2ac527
SHA256 73a9f4a5a77f38a83c6eea80720e2aa9f558d0f93c8c0aa04c6181f65b581b91
SHA512 878e8f3eadf786761351149c27c7fe90cafe656c867cdd9868d32df44b02ed9aeb5728bd24f4724c0df528677007dd36736463d76a461708896e788712ba0dee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1ad0c8ad99a84fef56751deaefc64385
SHA1 f8e859ff007ef44d2c101090851743b3e77b79df
SHA256 27b45071bd4f4bae83fb48f463f478892ca915edc34cfbfeb5a4053bab4e327f
SHA512 fda249540b4858cb1b6ea08e5f604b37095ea5983cce0d22b85ba19f8cafc0ec904041938f14e44d97f33278baf3905613ba989188f2848990bbc195719d0a95

memory/4928-290-0x00000000748B0000-0x0000000075061000-memory.dmp

memory/4928-291-0x00000000008C0000-0x000000000090C000-memory.dmp

memory/4928-292-0x0000000005930000-0x0000000005ED6000-memory.dmp

memory/4928-293-0x0000000005420000-0x00000000054B2000-memory.dmp

memory/4928-294-0x0000000005680000-0x0000000005690000-memory.dmp

memory/4928-295-0x00000000053D0000-0x00000000053DA000-memory.dmp

memory/4928-296-0x0000000005680000-0x0000000005690000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 379216b470597ba0acda4f4603301c86
SHA1 d749bf96adea284ab3171eca88f01956826b388e
SHA256 494b8029d5c95ee8738003a3406efe06dc3f85b7e3eb7bc7ea85948af9e66cb2
SHA512 e1d168db44a1a59e133169ffb2032b38bd0b354d70d4302a8b2ce544072e4bcd6f8233b4ebc74a3d7d03fd64d2a82df47c45b51b23598459d481c15c2124a755

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe674131.TMP

MD5 e0b4f6bba08379f36eafa716abe58b9d
SHA1 910f979e57d833ba202e5eadca4d89dabeff697c
SHA256 4e91330154f2af86e46a5a47c17585b574a51d13eeb220f1c59a994058f69558
SHA512 aeb1103a2da40a2e11c7f664e8aaf25530423abcb79734b0e24f90097e3fc62e5a948441ef39027cd3b97b34928a0c20ae37a3b9ed7519cd2001b5f8f1019c53