Malware Analysis Report

2024-11-13 14:08

Sample ID 240226-1ltfeagg68
Target 24b2f4d166acaa53e399d79b0942811e.jpg
SHA256 1e4ff97d7c0f8c32e9b5a7b4fbb05e69f91c10c88d5ee58c8a1d2ce9805759bc
Tags
gcleaner lumma njrat vidar zgrat ab8ba484d8a6c9be7d043c05bea0aa9f hacked evasion loader persistence rat stealer trojan
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 1e4ff97d7c0f8c32e9b5a7b4fbb05e69f91c10c88d5ee58c8a1d2ce9805759bc

Threat Level: Known bad

The file 24b2f4d166acaa53e399d79b0942811e.jpg was found to be: Known bad.

Malicious Activity Summary

gcleaner lumma njrat vidar zgrat ab8ba484d8a6c9be7d043c05bea0aa9f hacked evasion loader persistence rat stealer trojan

Detect ZGRat V1

GCleaner

Vidar

Lumma Stealer

njRAT/Bladabindi

ZGRat

Detect Vidar Stealer

Modifies Windows Firewall

Downloads MZ/PE file

Executes dropped EXE

Adds Run key to start application

Drops file in System32 directory

Suspicious use of SetThreadContext

Drops file in Windows directory

Drops file in Program Files directory

Program crash

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Runs ping.exe

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-26 21:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-26 21:44

Reported

2024-02-26 21:50

Platform

win10-20240221-en

Max time kernel

287s

Max time network

296s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\24b2f4d166acaa53e399d79b0942811e.jpg

Signatures

Detect Vidar Stealer

stealer

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

GCleaner

loader gcleaner

Lumma Stealer

stealer lumma

Vidar

stealer vidar

ZGRat

rat zgrat

njRAT/Bladabindi

trojan njrat

Downloads MZ/PE file

Modifies Windows Firewall

evasion

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\00034b98e4fa0f708fd27b7d3fec587058729f096c882f8f8b45bfcef7381ebd\00034b98e4fa0f708fd27b7d3fec587058729f096c882f8f8b45bfcef7381ebd.exe N/A
N/A N/A C:\Users\Admin\Desktop\1249e91509e86189a4366623642f4f145bdeaae21e1ff8408a8e43ca7e3f996e\1249e91509e86189a4366623642f4f145bdeaae21e1ff8408a8e43ca7e3f996e.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd\e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd.exe N/A
N/A N/A C:\Users\Admin\Desktop\1249e91509e86189a4366623642f4f145bdeaae21e1ff8408a8e43ca7e3f996e\1249e91509e86189a4366623642f4f145bdeaae21e1ff8408a8e43ca7e3f996e.exe N/A
N/A N/A C:\Users\Admin\Desktop\e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd\e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd.exe N/A
N/A N/A C:\Users\Admin\Desktop\ef798468db36b921f6c2830f5eb95c6e31b5e118f10a0aea9e944960cdf96a16\ef798468db36b921f6c2830f5eb95c6e31b5e118f10a0aea9e944960cdf96a16.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\server.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\server.exe N/A
N/A N/A C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe N/A
N/A N/A C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe N/A
N/A N/A C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe N/A
N/A N/A C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe N/A

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000\Software\Microsoft\Windows\CurrentVersion\Run\4ac5522ba6619835b9ac056e603570c4 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\server.exe\" .." C:\Users\Admin\AppData\Local\Temp\server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\4ac5522ba6619835b9ac056e603570c4 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\server.exe\" .." C:\Users\Admin\AppData\Local\Temp\server.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SKB\LanguageModels\5940a34987c991 C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
File created C:\Windows\rescache\_merged\1601268389\3877292338.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\4183903823\810424605.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\SKB\LanguageModels\dllhost.exe C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133534575311949351" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance C:\Program Files\7-Zip\7zG.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance C:\Program Files\7-Zip\7zG.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A
N/A N/A C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4312 wrote to memory of 2012 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 2012 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4780 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 4780 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4312 wrote to memory of 688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\24b2f4d166acaa53e399d79b0942811e.jpg

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe0e3a9758,0x7ffe0e3a9768,0x7ffe0e3a9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=480 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3736 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3748 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5244 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5316 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5600 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5844 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6048 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5484 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5964 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6064 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5256 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5460 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5596 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=948 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5008 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 --field-trial-handle=1768,i,15045523588502111106,5732838287634261111,131072 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Documents\*\" -ad -an -ai#7zMap11011:942:7zEvent4040

C:\Users\Admin\Desktop\00034b98e4fa0f708fd27b7d3fec587058729f096c882f8f8b45bfcef7381ebd\00034b98e4fa0f708fd27b7d3fec587058729f096c882f8f8b45bfcef7381ebd.exe

"C:\Users\Admin\Desktop\00034b98e4fa0f708fd27b7d3fec587058729f096c882f8f8b45bfcef7381ebd\00034b98e4fa0f708fd27b7d3fec587058729f096c882f8f8b45bfcef7381ebd.exe"

C:\Users\Admin\Desktop\1249e91509e86189a4366623642f4f145bdeaae21e1ff8408a8e43ca7e3f996e\1249e91509e86189a4366623642f4f145bdeaae21e1ff8408a8e43ca7e3f996e.exe

"C:\Users\Admin\Desktop\1249e91509e86189a4366623642f4f145bdeaae21e1ff8408a8e43ca7e3f996e\1249e91509e86189a4366623642f4f145bdeaae21e1ff8408a8e43ca7e3f996e.exe"

C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe

"C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 2104

C:\Users\Admin\Desktop\e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd\e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd.exe

"C:\Users\Admin\Desktop\e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd\e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd.exe"

C:\Users\Admin\Desktop\1249e91509e86189a4366623642f4f145bdeaae21e1ff8408a8e43ca7e3f996e\1249e91509e86189a4366623642f4f145bdeaae21e1ff8408a8e43ca7e3f996e.exe

"C:\Users\Admin\Desktop\1249e91509e86189a4366623642f4f145bdeaae21e1ff8408a8e43ca7e3f996e\1249e91509e86189a4366623642f4f145bdeaae21e1ff8408a8e43ca7e3f996e.exe"

C:\Users\Admin\Desktop\e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd\e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd.exe

C:\Users\Admin\Desktop\e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd\e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\PsnJ6b3PSK.bat"

C:\Windows\system32\chcp.com

chcp 65001

C:\Users\Admin\Desktop\ef798468db36b921f6c2830f5eb95c6e31b5e118f10a0aea9e944960cdf96a16\ef798468db36b921f6c2830f5eb95c6e31b5e118f10a0aea9e944960cdf96a16.exe

"C:\Users\Admin\Desktop\ef798468db36b921f6c2830f5eb95c6e31b5e118f10a0aea9e944960cdf96a16\ef798468db36b921f6c2830f5eb95c6e31b5e118f10a0aea9e944960cdf96a16.exe"

C:\Windows\system32\w32tm.exe

w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\server.exe

"C:\Users\Admin\AppData\Local\Temp\server.exe"

C:\Users\Admin\AppData\Local\Temp\server.exe

C:\Users\Admin\AppData\Local\Temp\server.exe

C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe

"C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\server.exe" "server.exe" ENABLE

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\tXGl5KOL28.bat"

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe

"C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\fVfPD2qQtb.bat"

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\w32tm.exe

w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2

C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe

"C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\nE1uIQLIWX.bat"

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\w32tm.exe

w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2

C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe

"C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\b5cCzjWvuk.bat"

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost
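
The process list above, rather than the signature tables, carries the signals worth keying on: the "Suspicious use of WriteProcessMemory" rows are all chrome.exe PID 4312 writing into its own renderer and utility children, which is how Chrome launches its sandboxed processes and is not malicious by itself. The entry point `cmd /c ...jpg` is handled by 7-Zip (7zFM.exe, then `7zG.exe x` into Documents), so the "image" is an archive; after that come `chcp 65001` batch files that sleep via `w32tm /stripchart /computer:localhost` and `ping -n 10 localhost`, a copy of `ApplicationFrameHost.exe` run from `C:\Windows\SysWOW64\XPSViewer\de-DE\` (the real binary lives in `C:\Windows\System32`), `RegAsm.exe` launched with no arguments (consistent with the "Suspicious use of SetThreadContext" signature, though the report does not show the injection itself), and `netsh firewall add allowedprogram` for `server.exe` in `%TEMP%` (the "Modifies Windows Firewall" signature). The script below is an added example, not part of the report: it runs a small rule set over command lines copied from this Processes section (the Chrome line is abbreviated). The rule names, the list of hollowing hosts and the sets of system-only binary names are assumptions chosen for illustration, not anything the sandbox emits.

```python
import ntpath
import re
from collections import Counter

# (image, command line) pairs copied from the Processes section of this report.
# The chrome.exe command line is abbreviated; the rest are verbatim.
PROCESSES = [
    (r"C:\Windows\system32\cmd.exe",
     r"cmd /c C:\Users\Admin\AppData\Local\Temp\24b2f4d166acaa53e399d79b0942811e.jpg"),
    (r"C:\Program Files\7-Zip\7zG.exe",
     r'"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Documents\*\" -ad -an -ai#7zMap11011:942:7zEvent4040'),
    (r"C:\Windows\system32\w32tm.exe",
     r"w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2"),
    (r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"'),
    (r"C:\Users\Admin\AppData\Local\Temp\server.exe",
     r'"C:\Users\Admin\AppData\Local\Temp\server.exe"'),
    (r"C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe",
     r'"C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe"'),
    (r"C:\Windows\SysWOW64\netsh.exe",
     r'netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\server.exe" "server.exe" ENABLE'),
    (r"C:\Windows\system32\PING.EXE", r"ping -n 10 localhost"),
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US'),
]

# Rule patterns (illustrative; tune to your own telemetry).
FIREWALL_RE = re.compile(
    r"\bnetsh(?:\.exe)?\s+(?:firewall\s+add\s+allowedprogram|advfirewall\s+firewall\s+add\s+rule)\b", re.I)
PING_DELAY_RE = re.compile(r"\bping(?:\.exe)?\s+-n\s+(\d+)\s+(?:localhost|127\.0\.0\.1)\b", re.I)
W32TM_DELAY_RE = re.compile(r"\bw32tm(?:\.exe)?\s+/stripchart\s+/computer:localhost\b", re.I)
CMD_NONEXEC_RE = re.compile(
    r"\bcmd(?:\.exe)?\s+/c\s+\"?([^\"\s]+\.(?:jpe?g|png|gif|bmp|pdf|txt))\b", re.I)

# Directories in which these Windows binaries legitimately live (assumption: a short allow-list).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_ONLY_NAMES = {"applicationframehost.exe", "svchost.exe", "lsass.exe", "csrss.exe", "dllhost.exe"}
# .NET framework utilities frequently used as hosts for process hollowing when started without arguments.
HOLLOW_HOSTS = {"regasm.exe", "regsvcs.exe", "installutil.exe", "msbuild.exe", "aspnet_compiler.exe"}


def arguments(cmdline):
    """Return the command line with its leading (possibly quoted) image path removed."""
    c = cmdline.strip()
    if c.startswith('"'):
        end = c.find('"', 1)
        return c[end + 1:].strip() if end > 0 else ""
    parts = c.split(None, 1)
    return parts[1].strip() if len(parts) > 1 else ""


def triage(processes):
    """Apply the rules to (image, cmdline) pairs; return a list of (rule, image, detail)."""
    findings = []
    for image, cmdline in processes:
        name = ntpath.basename(image).lower()
        parent = ntpath.dirname(image).lower()
        args = arguments(cmdline)
        if FIREWALL_RE.search(cmdline):
            findings.append(("firewall_exception", image, args))
        if m := PING_DELAY_RE.search(cmdline):
            n = int(m.group(1))
            findings.append(("execution_delay", image, f"ping -n {n} localhost (~{n - 1}s sleep)"))
        if W32TM_DELAY_RE.search(cmdline):
            findings.append(("execution_delay", image, "w32tm /stripchart against localhost"))
        if m := CMD_NONEXEC_RE.search(cmdline):
            findings.append(("nonexec_extension_launch", image, m.group(1)))
        if name in SYSTEM_ONLY_NAMES and parent not in SYSTEM_DIRS:
            findings.append(("masquerading_path", image, f"{name} outside System32/SysWOW64"))
        if name in HOLLOW_HOSTS and not args:
            findings.append(("hollow_host_no_args", image, "framework utility started with no arguments"))
        if "\\appdata\\local\\temp\\" in image.lower():
            findings.append(("temp_execution", image, "binary executed from %TEMP%"))
    return findings


def summarize(processes):
    """Count findings per rule, e.g. Counter({'execution_delay': 2, ...})."""
    return Counter(rule for rule, _, _ in triage(processes))


if __name__ == "__main__":
    for rule, image, detail in triage(PROCESSES):
        print(f"{rule:26} {image}\n{'':26} {detail}")
```

Each rule here maps onto a signature the report already raised ("Modifies Windows Firewall", "Runs ping.exe", "Drops file in System32 directory", "Suspicious use of SetThreadContext"), so it is a way of reproducing the sandbox's verdict from raw process telemetry; 7zG.exe and chrome.exe correctly produce no findings.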

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 bazaar.abuse.ch udp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 131.16.217.172.in-addr.arpa udp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 bazaar.abuse.ch udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c70.gcp.gvt2.com udp
CL 34.0.63.29:443 e2c70.gcp.gvt2.com tcp
CL 34.0.63.29:443 e2c70.gcp.gvt2.com tcp
US 8.8.8.8:53 29.63.0.34.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 172.217.169.67:443 beacons.gvt2.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 209.80.50.20.in-addr.arpa udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 29.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
DE 88.198.112.251:10050 88.198.112.251 tcp
US 8.8.8.8:53 99.167.154.149.in-addr.arpa udp
US 8.8.8.8:53 36.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 251.112.198.88.in-addr.arpa udp
DE 88.198.112.251:10050 88.198.112.251 tcp
DE 88.198.112.251:10050 88.198.112.251 tcp
DE 88.198.112.251:10050 88.198.112.251 tcp
US 8.8.8.8:53 196.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 download.visualstudio.microsoft.com udp
FR 68.232.34.200:80 download.visualstudio.microsoft.com tcp
US 8.8.8.8:53 200.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 healthproline.pro udp
US 104.21.16.186:443 healthproline.pro tcp
US 8.8.8.8:53 technologyenterdo.shop udp
US 104.21.80.118:443 technologyenterdo.shop tcp
US 8.8.8.8:53 186.16.21.104.in-addr.arpa udp
US 8.8.8.8:53 118.80.21.104.in-addr.arpa udp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 8.8.8.8:53 detectordiscusser.shop udp
US 172.67.195.126:443 detectordiscusser.shop tcp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 8.8.8.8:53 turkeyunlikelyofw.shop udp
US 104.21.76.253:443 turkeyunlikelyofw.shop tcp
US 8.8.8.8:53 126.195.67.172.in-addr.arpa udp
US 8.8.8.8:53 253.76.21.104.in-addr.arpa udp
US 8.8.8.8:53 associationokeo.shop udp
US 172.67.147.18:443 associationokeo.shop tcp
US 8.8.8.8:53 18.147.67.172.in-addr.arpa udp
US 8.8.8.8:53 597359lm.nyashsens.top udp
US 172.67.194.35:80 597359lm.nyashsens.top tcp
US 8.8.8.8:53 35.194.67.172.in-addr.arpa udp
US 8.8.8.8:53 18.ip.gl.ply.gg udp
US 147.185.221.18:43389 18.ip.gl.ply.gg tcp
US 8.8.8.8:53 18.221.185.147.in-addr.arpa udp
US 172.67.194.35:80 597359lm.nyashsens.top tcp
US 172.67.194.35:80 597359lm.nyashsens.top tcp
US 172.67.194.35:80 597359lm.nyashsens.top tcp
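
Most of the Network table is noise from the analyst's own browser session: Google, gvt2 and googleapis beacons, the sandbox's reverse (in-addr.arpa) lookups of every address it touched, mDNS, and Chrome traffic to bazaar.abuse.ch (MalwareBazaar), which together with the SHA-256-named folders on the Desktop indicates additional samples were fetched from there during the run. What is left is the actual infrastructure: a raw-IP connection to 88.198.112.251 on TCP 10050, a tunnel endpoint at 18.ip.gl.ply.gg on TCP 43389, t.me over HTTPS, a run of look-alike .shop/.fun/.pw/.pro domains (some queried but never connected), and repeated plain-HTTP requests to 597359lm.nyashsens.top. The script below is an added example, not part of the report: it parses a subset of the rows above, drops the noise, and emits connections with a reason tag plus a separate list of queried-only names. The benign-suffix list, the watch-list TLDs, treating *.ply.gg as playit.gg tunnel hostnames, and treating t.me and steamcommunity.com as dead-drop resolvers (public profile pages used to publish C2 addresses, a behaviour associated with the Vidar family tagged on this report) are all assumptions of the example.

```python
import re

# Rows copied from the Network table of this report (subset; the remaining rows are the same shapes).
NETWORK_TABLE = """\
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 bazaar.abuse.ch udp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
DE 88.198.112.251:10050 88.198.112.251 tcp
DE 88.198.112.251:10050 88.198.112.251 tcp
FR 68.232.34.200:80 download.visualstudio.microsoft.com tcp
US 8.8.8.8:53 healthproline.pro udp
US 104.21.16.186:443 healthproline.pro tcp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 172.67.195.126:443 detectordiscusser.shop tcp
US 172.67.194.35:80 597359lm.nyashsens.top tcp
US 147.185.221.18:43389 18.ip.gl.ply.gg tcp
US 172.67.194.35:80 597359lm.nyashsens.top tcp
"""

# Assumptions of this example, not output of the sandbox.
BENIGN_SUFFIXES = ("google.com", "googleapis.com", "gvt2.com", "microsoft.com", "abuse.ch")
TUNNEL_SUFFIXES = (".ply.gg",)                       # playit.gg tunnel hostnames
DEAD_DROP_HOSTS = {"t.me", "steamcommunity.com"}     # profile pages abused to publish C2 addresses
WATCH_TLDS = {"shop", "fun", "pw", "top", "pro"}     # heuristic: TLDs of the stealer domains seen here
STANDARD_PORTS = {80, 443}
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_rows(table):
    """Turn 'Country Destination Domain Proto' lines into dicts; Domain may be absent (mDNS row)."""
    rows = []
    for line in table.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            continue
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows


def is_benign(name):
    return any(name == s or name.endswith("." + s) for s in BENIGN_SUFFIXES)


def classify(name, endpoints):
    """Reason tags for one destination; an empty list means 'nothing notable beyond the connection'."""
    reasons = []
    if IPV4_RE.fullmatch(name):
        reasons.append("direct-to-IP")
    if any(port not in STANDARD_PORTS for _, port, _ in endpoints):
        reasons.append("non-standard port")
    if name.endswith(TUNNEL_SUFFIXES):
        reasons.append("tunnelling service")
    if name in DEAD_DROP_HOSTS:
        reasons.append("dead-drop resolver")
    if name.rsplit(".", 1)[-1] in WATCH_TLDS:
        reasons.append("watch-list TLD")
    return reasons


def extract_iocs(table):
    """Split the table into de-duplicated connections (with reasons) and DNS-only names."""
    queried, connected = set(), {}
    for r in parse_rows(table):
        if r["ip"] == "224.0.0.251" or r["domain"].endswith(".in-addr.arpa"):
            continue  # mDNS chatter and the sandbox's own reverse lookups
        if r["port"] == 53 and r["proto"] == "udp":
            queried.add(r["domain"])
        else:
            name = r["domain"] or r["ip"]
            connected.setdefault(name, set()).add((r["ip"], r["port"], r["proto"]))
    connections = {
        name: {"endpoints": sorted(eps), "reasons": classify(name, eps)}
        for name, eps in connected.items() if not is_benign(name)
    }
    dns_only = sorted(d for d in queried - set(connected) if not is_benign(d))
    return {"connections": connections, "dns_only": dns_only}


if __name__ == "__main__":
    iocs = extract_iocs(NETWORK_TABLE)
    for name, info in iocs["connections"].items():
        print(f"{name:40} {info['endpoints']} {info['reasons']}")
    print("queried but never connected:", iocs["dns_only"])
```

The queried-only names matter as much as the connections: a stealer that iterates a hard-coded list of fallback domains will resolve each one, so a DNS-only entry is still a usable blocklist indicator even though the sandbox never completed a TCP session to it.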

Files

\??\pipe\crashpad_4312_PNRCRWMIPEQXVJXW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3c2b8337d60e1f897ba6722be2f3fc7a
SHA1 71ee0f2bb94e44c88cba74e07445d5cce3c62f5c
SHA256 8a89f94e8f4a86b5902868b3bc4cf962c0d4e27fef5b1d09ddce7a4c19c86273
SHA512 2d1ba3d136150b763ccc3e1ff138b36dd5b01892cfa592c512ec553467f360ba72912dfe31d107f9fa85071532609aca2bb6c654040a982ecffde6868c075192

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3b5dcb7c-715b-473a-8c98-49bafdfaca86.tmp

MD5 0374b643d0827ae98bc920e025467a43
SHA1 343a8241f7e4ffc8297679af7e2958c1a266d310
SHA256 2f2b55a69f447fa1b424176cf355bbc593a4b7451a0a0ebec86b1e3ff3d3ac05
SHA512 b6b28c4d0d1482a2e5367a1f4e4e07ca977832f08bea294f920bd051ee5489be6dabd64eb58000be0b1db71d547d4ecf7457032ab16fdeff155617378ef2db3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 eac5854f41f416bde8dd58d21b532b40
SHA1 0c91a692f29ea2c75fae8997681b1643266386b5
SHA256 4b228c180ca336906a38282187ee902f099a24c4eb95a9e116eb6015b293defa
SHA512 0c1fde82ee226a6650b669744f031313a95efc4c79cef0e93f5bb56362a787aab94855f8c3641b117ee5f64f2742cdb9566069dc12ada99d7e8a989350b960d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 873734b55d4c7d35a177c8318b0caec7
SHA1 469b913b09ea5b55e60098c95120cc9b935ddb28
SHA256 4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d
SHA512 24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7f054668b1067e0b3e59dc1bc24aaee5
SHA1 55cfb91b37781775de60ce895e98bba88e75af36
SHA256 2685264225faeb1cc32747a9c0744b88a929a878f365b225bb4acea1d52dbabc
SHA512 b92b8e6de290ff1aedad96610b1cdbadd76453d2730dbae2c731e1c79a524225bd12ca77e9d490eebbd4f1da6c592104ec58013199366b137c3dfd253823d993

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9cb2c3de27e22cb7cfe5322e8111a723
SHA1 cca3092354f2504299a81c41a59f4a592d1b5f58
SHA256 b99bcfb655d25b3aa2e9db0ffe3daa8db3ab6f338573372a64e7ad5be4ef7e14
SHA512 b72428049d4abc44167310b60d8e69a4de4d7832b788ae7b01de9b0f20fb31e89875c298b9b3410b9372b333f74b77101241df9822f0ab8ad34fd30658c26eb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8124f0710d5a0b611f7da1c5b4fce934
SHA1 07171884f81bf64e85c7480b7ec826f67150b4b7
SHA256 62d8dd63c83f9a2d9b2cd2871b1e99698c9a9bef16b07ea1709c0497c829fe75
SHA512 a23c09425aed56032a3e07b6b3468356fb9304cfa6bfb79f57793fa1a3e4c5aa1188ab892f1c927c62d55c2fcd77c319961d7c4e793917adecbbff38628b4d7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cd65068ee541f13107a38e72bb5e0d06
SHA1 500637528e3310a11a54ca8418e564a4e31d803e
SHA256 ff3af23e6d258e017265f3cc31edce2a345e9122e6d02488d2c3fc0d25854c5e
SHA512 29d5199fae7bf5a6713db4fb520b975e35c32a73bd6c4a3e10fbcc6328dd11b3ac3227331cbcd4c057825edb208a40205d5aecc2b81f25557f8e7631ebf69bab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 54f8df1101525ff24a95c95b11d9b847
SHA1 75ea6d1256a4f1f0d9e71f583c7e8f86d0febf46
SHA256 983353a4b9915b6509a961b2c371ea4c484ce6ff162e1434ce401110c37b458a
SHA512 6304b65715ba3af6cbd7b6836e011967b1afea59a57c6f465831c98f84cf1aa28491e7d1563f8e7e504a7b982fff50ecdbcf14982f4046edb2791904a88fa380

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 72abdb52746805b91d3a78b766fd7190
SHA1 4dc8b9d7f80e4bcd6cdec817989d35fb0805a133
SHA256 cb5aa20ffdce9606c3020afeea9eb785da83473b950de6192781f2145468fbd0
SHA512 677e8e778a2198a22badf8b0b9fda80afd7afe8f9cc2e96fc13ca5b20977384dd9ed788ef510b09dd51732f59f31ba457eabff6c96a490da0ac0a9714ccd3094

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0bb4f2fff719e2e36755f4fd2ad630ff
SHA1 ec0eab793bc288ce81742b958e579eff8ea9732a
SHA256 764de9d4638fc5d9a3c3544307b3b85c297f2f63e8db6ac3f91f7f60e33ac12a
SHA512 8860b95709594f921e0f9fe3e11c7f185e78782546133d35e06a27494d87253e1becc9ad7ceb84f322a97adbe50e4c0d196ecaf0d5c2a77b5d356000c39019d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0227946e5b4738f9334b7533b911c9c5
SHA1 45622d5f6d6fcc80858ace7f3f8c9ad90e3196e6
SHA256 7a3968c0e670740d51d29541069ce038a0b258937c9e3cb1b925aa7386366859
SHA512 0792f3643f198265148bad49298ec61cbad032acbbd9c9d83620fd8e267f43a4ceb0cdc9ef83c1551bbb8f775ef5538eb45a1d3c5fc5305bb3ad21ac0634d8fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 1f8a0089d168058204d311143b7f508b
SHA1 28ea4d33c0a70e0d600174deafea7d1b4ef204e3
SHA256 089184b28b2f756240c1e21ef7388664ef5ca0da644f885c20a4032b7d460679
SHA512 24918f186f852826c8902f207be730968985651caf4979819b356c49626a7ca4e56f9f437d8d9206ea7ff64e732cd7b6263aac6bb1c5b25eb09353db3d05df71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 3b5537dce96f57098998e410b0202920
SHA1 7732b57e4e3bbc122d63f67078efa7cf5f975448
SHA256 a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88
SHA512 c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

MD5 888c5fa4504182a0224b264a1fda0e73
SHA1 65f058a7dead59a8063362241865526eb0148f16
SHA256 7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715
SHA512 1c165b9cf4687ff94a73f53624f00da24c5452a32c72f8f75257a7501bd450bff1becdc959c9c7536059e93eb87f2c022e313f145a41175e0b8663274ae6cc36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

MD5 b15db15f746f29ffa02638cb455b8ec0
SHA1 75a88815c47a249eadb5f0edc1675957f860cca7
SHA256 7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7
SHA512 84e621ac534c416cf13880059d76ce842fa74bb433a274aa5d106adbda20354fa5ed751ed1d13d0c393d54ceb37fe8dbd2f653e4cb791e9f9d3d2a50a250b05f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bed522d4eda52ef7_0

MD5 b506ec62f99a995c309271d9260b09d9
SHA1 1a55a80ae237af77d18ad12cf73052c2b389f939
SHA256 5219955184d6ebfa93a7b67676d6ee7466915b8d5251cd6d4217998da1cc2aac
SHA512 728ace9bf5f6f6afaceb35cebcf9142cd55aa1296f2dfbe4cf858a8b31fa2179200828d04ed88979f2473e430c38f5fc07618eee4e7769f833475926faba4019

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\41a4ebffd069515d_0

MD5 5e09b125d981c90bfb737aafd83cd294
SHA1 ce40f211414bbee8fe7ea5e43ea56cb2aea1039d
SHA256 cc959b077069a967f9f3bff3147a8ec5dabd0daa1f6da1943823e254c2125f83
SHA512 a034204c12a432ac1a2aeb3012307f29b3fb3c8191c036b84fef3e515cc0a42c0e8227e32da1abc72a199ebd95f54af579c27cbe19abc8c58c49f9d8126742ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8463502d7e519f7ce4acc53c684ef903
SHA1 50f5c6f7febcac3c2d36bf20fdbdc3add7f4155d
SHA256 613c7c4d0a869940890ddb1e3c83e65064f7565e598bec158eef90ef7f3d3aa9
SHA512 d4a8e2ccb37e2f39ef2a1581f08b9210f4be09830700327651cb3b9118a8827d21a4b195b3ede8c38e536231ae8326067a134d2174785d2e1db5fe7742e770f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3e0e2889c59bd5e49c9d953823e4029a
SHA1 7118fa3f255f077942adc6e292f3c6254f911e62
SHA256 d8dac01ae25cbf42ffaed9f48dfba441e49585cbd6acd6d38311d68fd7fe4eb9
SHA512 b3c64d7dde6c33ce25ac685935e71a863ecfb83f968461575e2bffbc0b7fc03b676459739dd94e5d0f57720486c4ff467220ba298a2044563bf1d757a926682e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\00e2ca44d59ff3ed_0

MD5 00c4e2f14e3b4ac17116fe707e757aa3
SHA1 9ed778225a898d676994c69cfe2abca822fba8bc
SHA256 dea41de10cf0590398e82b384df2a452fbd191be16319b5b8797580d043a618d
SHA512 c9e1f19af4b88e45feb9efe11c17e653a0122985900c09c4e1aa0ffb8062d88adcaf7f729d27e06a94973a970c25d3f6ae1b6857a50ecf783eebe63600105b56

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\24a37706d3ab219b_0

MD5 002f8512c8ee30c1547b4a14b8e1f5f3
SHA1 90d96dc296b7178c6d7f12a919d042995c4b79b9
SHA256 c7e55230a1fcff7d14187f85c93f36a1512b3cb88a33a1f4e9b2e97d2d62f227
SHA512 6d7514b48d2313e550d3511f6c0549ea5ee2a12631f44bfb3a537e8ec7c0e18338c5545d07889b0f9fc83badd1de62b1a6cdb82ce2aec15c5750ad7fe919f2bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\127f1fe4e35c3844_0

MD5 341e42e364f6502bd0b410e9e641fb67
SHA1 85514e1dd5c82e690b1d4ec2ee6c38c0d70b5b9d
SHA256 ffd44c580fb7b3425e25a64578160ce5961955b53fd65397d66040dc38a3b248
SHA512 9586ee570338bf4efae3f0a7cf6f62e13dc1efaf312fe3ce2b4fabb9905d9110780b90d30d48493afc93371ed376b27dc0c59ff69a574011d50830c267d1fb1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\02aecf8da6f8f2af_0

MD5 d09812d6f8793aad8c3ddbb17dc20fa4
SHA1 37b5d3bc87c1b52a32ca6bcd919ec92d30711160
SHA256 0d2c2eca93d10ac9b47e9605141a4b385714deb69c5b4f6c2e2bcb3317ad4924
SHA512 e01a04f1afa353e20e7690f1aaf690a3655517c55dfcd8cab71b4172bd0ac09a56f8283e8de026ad9ae27209cbc474c63bf6da2b716970b228764955320a3989

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 709b6aa44b0e02ced1f0b202aafbf1a5
SHA1 fa79d0a40f2ffc07f20253c90b02d35a48c7ccf1
SHA256 d7624f384818ee3248f5a8c145a45d3512d8aaca6f82f5f6417e5fa7794cfe6e
SHA512 da0b9b60d2b9d3845eda539a420b2d9b413e0c630b176152ffdb920839df70abff8a0ee178c508814ce65355fa72e8ce6768b5b189141ff9a906705ca4e8e256

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c12ccb2945c7c3c3_0

MD5 af51004a9010d44504040dffdf122b91
SHA1 26801d032a2c7503e960702225f807e10aea3e6a
SHA256 a4b525d348f8e88ec96f855a7a05c4937c3cb4b169675aedefed44be71cf4a63
SHA512 bc19c5db0cb8de955090c06913d15a534277c0e6135f772c8846aca1ea4e3127fd31dd5094af3ba2ea9f0fd359d6828dc13e8864f8dfdeff7ba4974a941523a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bf76896142e5ac7687cb7f439d0353c4
SHA1 936ee64e945f9f7c793b8a3b376a1a3a3586366d
SHA256 bc125f2b4c02eac99ee2a04e31b309eb10e42f4143a7703b5706d1a8b3a2a4b3
SHA512 07a0caa1852bbc36896bd7921e7465b88037f12196aaf85d013ac324ee34b8230bf1c72adbd098ae4f20ae5e250e68063f8e18fa51d8a831cce7214a585db2c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0304325b1c9bbea5424776b09f725e1f
SHA1 e82aad096aed08619394cd333fd4aaf5d97592fe
SHA256 6d18fc2d41c55d80e1488dcd638a4c38ba21850a77e91b19cce0609a3f8ed6b3
SHA512 9c17232ec231d26a555d82bc2a78307c64197fe1fb30a0a2b6fb62f7dd4bc98a61736f3669f02b2c9d80341095327a1a077b236623640c76c72c453d00548f4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 03e85fdeb121624ab2917bde23db2919
SHA1 856a2fc8cb198b4e18715739b7f6733f3b6572a8
SHA256 0e230aa92540491662eaf241dfc18dc6f353726318d7d71245f0018d79a09910
SHA512 6cbef4eb8ba00da8b02c0396ab06215fba7f5bebbeba1e393aca9b5928a2f50124447a01596b5d37a2e5a62dd1fa072a9053ff91a5da2602544b85c9e0466621

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4c42b503f852efd493b85fae04427644
SHA1 9c9ecc091c65208ad0ccf11d826fcc54635911d6
SHA256 7374e93d4e087cbe09d346853b264eb661fba0c280c2eea542aaa56b011c41d0
SHA512 faa0a7da19aa7e2e5f75e490cd707ceecfbe36994771b20925bb00e37eab62f11c0854f8b92729aed66a666d6dafa3e3df520cc084c6892374e9a329741b21f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 619ffb31e63bd44505f07c97df4f718f
SHA1 98913d8862a4ea47c0910fbcac2f340d047819ad
SHA256 0c939db0f4751b953345d6dc88229daf1c283719b0232056f5a02168fdf22d46
SHA512 a900e28ada69b54a4bb089ddd0d0696f2d0dd3597abe81d3a6acd1f6aea31c401beb4650d4819346a0621a5ed52a52ade3875d9c06c402015a12ee8a685effef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 0d686e970e5921fc419ddd1e74e3b980
SHA1 c7b6f81f91383bba7c9032baf0cb803ffcc07be7
SHA256 3c38f6e4803f984f17cb2acf25fc9b7b966b5bccc07dba4d7f4a865ce68b7784
SHA512 4513abfab3077b708b856dce3a9a69653c281298ab2eb322aa202cd91bb2b77741495d302a49a2e983df6bd5269cdeb17c42075f0b8d4a724fc4f6d03db3b2d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5979ca.TMP

MD5 bba7504977fe27686538e15ac707eb9b
SHA1 2d202b4cf45fbd32a86cf2d71bbb0f2b9ad538bb
SHA256 a60e502e49d30c56926e49eeccf4f835fe42ba66bf7b3b6f057146640cfe7a77
SHA512 ef85fd6e8c7337b165c4b870e11f08faca6ab904ec09aaf96d1b5dc333540799be0be65a21032f309571b630905964c9da902fbd0220ad48ac4735f84b1fe45b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 a40ad4ccf7c3bf5385e244bdbb793772
SHA1 96db6b8daadc1fa6b83428bbecb2c9172c163f8f
SHA256 fdb3b4f56f4bab87bedf4539d2f127e90a7a925e7a108c60539fad8fac8c28b0
SHA512 a02723b1d29412e7baf9808b9d4f84cfdbf2fa2be4f1cd3a42dd54c858d7081867af9a59b6eb3373f91625eec7c5bdeddf48f42b1132383c785415bef48b9080

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 5c9fe2adbd2170104db27ddf15fe3a04
SHA1 7464cc9ec47b09b110004d369286e449a847656d
SHA256 ee84a77ee4e6136de8406a66eb5af5a309365322355b122ca4f6bd6e8ef5d95d
SHA512 aee4556d99fab714d07ffd615dd062109944cd701c3d7d762ee8976212dc959448281b4ade1009cc4033919480bfa575d407baa6d54af1f8793b268fa9757eda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 58fc4d5237a64fb719d1724f37a956d9
SHA1 34b54a88aead5dda3338a1cd3e6cbc4fa08649e3
SHA256 d0f8998ae4ca39972fc2efd64a127e7ac2a9fc8bd690c851a7dee85ba0d045e1
SHA512 559d69fb3b62123f8ef05e0c5e4a78ad0cfe8ac1e13b424d203d02102a86479fae60d87fbba03aa5cac700282012a66d51a255fdea1470c0e7215fb06007772c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 76ce6945de4e8e7a4988783f762e55b9
SHA1 776b057d069676ed1f45857d461a935024c1287c
SHA256 35160171a48a77917f887bce14876301588ddce865420c7fd699af86ced67d39
SHA512 3ccd98483a5502fee45067a6d19f5e1ac0cdc441ccf1e1055d3d347bf2debc136cb6d5723c362be838f9e0ded852400c0413628b7f7ab7f1508c875c9e525dec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e625d7e3a7d1233f27678114e8358e47
SHA1 98990f0395f2dad91f20a0cfeff9382a1994d9eb
SHA256 689864cc8dc8346afaf5d5df26b769fd5a52c6438ee2c786d5aed44f643d5e55
SHA512 0c8b0abeb31a4e8d445c60e70e5415f3c0b009fcf93b170a24fe52ea050708993c291f715d094191fcbf99be0b360ecaaa48b3cb67a222955d0ef2a3ce61fa4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e0026af58dcae8bd3cff619826b808d
SHA1 34698812288ef9b3e5272151504dfc604a71cb61
SHA256 98520903905e9b4e81c77c835342dded362b7c72a6a08dfe953390e0a581bf30
SHA512 02f32a7336537bd2f86722d7b2a4ad94bda836f989d933b16d304b165168a72219a2284082cc361dadb225c93bac3d7d195a5660b46dcf15dbcf361716386205

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsRecentClosed\f286019e-b01a-463d-acdc-dcc763513b2b.tmp

MD5 2bcbbcf34a9480cfb0a7b00041f41283
SHA1 802058d337343fe841b42dd9e75134817e097088
SHA256 16f200c0c0bbc13d6038b5d722b469f4920f40d89024aa6f645cdd5b3173b4fc
SHA512 0aec6fe4950d952d145d69bab3c90d061e1c485c07b235140d7a286e8be3a9fc83ac832be6c371572156f17efc2fc000d47457ed4e6102ec1c4cbf46a86ab1f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bfd332452260e31bf9b1b3e9782ad3e5
SHA1 5dddb03a89dd5ed688dfad9246df82106de2e4a8
SHA256 9bf974894678e38507a7ca0d935c50cd18550821367caae964b9d3613f445d6b
SHA512 df142c0f739cf1cc1981b18a131cd880239b51d2bc3b3ac232386b8fae9815f873a19577fb99d6767e0689087df8963778e83cdc73214a6621e958cce29f9301

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2d2f6fb299cd79f470448a51e4c99193
SHA1 47de7df3165bb15e8e123499259fe4c2c65c23bc
SHA256 e00814f42d761631f41e2d3f97a6f973780f2c8530ef4c1ab54cdf829f68c6d8
SHA512 9fde31cc173faf970da5665b462936a29935735e8d6b9dd1f26aa0f9a6efe3d58bb9f25b0eff7e8723e54c2630d46ddb3105c06af6b16b706cf24611cc759161

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ebf5ea4fd59f4f9b12945f8fb6183426
SHA1 2c2834640be97fea1b7052c829de24304ab5f9e4
SHA256 df57458b88c901abc8bc86afa96aa6fb03d61cb468d9ce99e5a9771553c13268
SHA512 4d280b63a391107cd5d40c392158622fa6f40e6171829829fc89962bd3e70692db70aeb0c213d8d26ff53db76ed1a4ead35894ce86c5f062ab81f8adb0d670a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 707b1bd10c18d607f608150e7164e592
SHA1 9ef49bd7fe34768339d3e3f0331ec245923fa918
SHA256 87966656d1ab968099bcdaf48f670054be1ce69079a99764bcae4940e22a3c0e
SHA512 776f1af6cd51b01baade60a92482bfa0b37c2fb15a95218fb2078d3e3ae2a87f37278e243ca82cf0a891aa9f343253db2ed0d56f3d2cdd6525dc3fe6559e5fa6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 22fe12afeb4b4d577ec3a4dcbedaf921
SHA1 6e80fbbfd27f933963948fc2f7bf330bd4673db6
SHA256 a0126bc8ffe72b0637e536fff20a41e72dedbcd4202e8fc26c366a4f9eb86dce
SHA512 172e63247c8477bb8f7877b6d94ac6f1e198a3cfe25a022555349312c2a45ac9f9a5534de54fb0fbcb07672a3428af1eaf2398a52d4e6fb3b4ac5f203cf20f6f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ab7d944bcd2acf42d6dee3dac7601721
SHA1 ca78d63f4ddf38fa37dcae8a761ff2ab6afc8ab4
SHA256 0affaee5972a58e6ab76e9e3ddb416fcdd7196d94c11022a542e7fb13ece525c
SHA512 06b836094189bc9a0745ad9b389b2a3b2a9e5bfb3e7465babe1c05b9bac64b26d3a90810bf22602f1d31960b593870b5860aa1df1a3f55a5bc015efb471a005c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 23dc9ff071e7542ad3c1c1f5b35f8d88
SHA1 5e8becd41a5f364efb79c9b00e5d525d53edb105
SHA256 98074cc9987211d6c20b91dae4c3de071b1df0a70006710090d913768ab6bab0
SHA512 d2b0497ec08ada887c09bc905c80426063ba1dc94e25fdfd8ac1475286b79738c0ead47dd2d29a4a71356a46affa3024d3c230161a48f94f66dd56736e0263d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ecae07abf78325c2b1d7c0241f48b6f6
SHA1 4ec70a6bd64422a349686ed0100a5c64c6f1ec8a
SHA256 a3ce781f93e84a9157970d1ce49f8144692979450a2c62b21de5090bb0ae958f
SHA512 d5ad10e0230e3bf9c0081a2caf35e6568418520575ca714974e747f66b2dca08ea5532bd1124bd9dc14c97ceafa00382516de22a58e349673bb3502121712cbf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 7f5e90618bde2ccaba672d03d9e976cb
SHA1 624b4625fc926f0ce01991da053719b1ce6ca243
SHA256 778a86d011cc61df12d0a2a0434e38f7685652644f8cf5226eb359484052562f
SHA512 6e13236dba244f176c8981ef1c5705624194c7b7219635892e5852a68e9a2b0ed4c62734c051f27925469c763dc4e4d8e5fe4eff0273693bb6e00836a01ddf6b

C:\Users\Admin\Documents\00034b98e4fa0f708fd27b7d3fec587058729f096c882f8f8b45bfcef7381ebd.zip

MD5 c12755111b74fb6631afd1f9780fbd4d
SHA1 a72ba250311891f8aefc4d2115ea51a9335ab5a6
SHA256 7da806b4feb826a1a375c4664e75ce736dfc6330a6bdf9072e61ef392e499d5d
SHA512 6e786eda6008b1d6b021eac2e9070ae5a1abec30470f1fcb39a875fa104d1e431e2500bfafbbc076a09890d61323726906028f9925ec8b11c90235555f6f8179

C:\Users\Admin\Documents\1249e91509e86189a4366623642f4f145bdeaae21e1ff8408a8e43ca7e3f996e.zip

MD5 39790d8ff8a9e2e4924f6f3c92db6ffb
SHA1 a88b4d9a44ce2dd627f594e0da56a25d083f2a43
SHA256 92eec19ceb5f4483c8fbd01a2d7230731bde15a34eaf4838da8626df6ded881f
SHA512 7463e3d3b0346d41779e46aec967b293fecb73eedfe86fa509bc2b338d4ed120dbefc348f31684fc36e96852772faea8b4e6d8c8b4615fe103d7d27ec002e73f

C:\Users\Admin\Documents\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.zip

MD5 4e15150cde9fb15fb2e97d82f9072edc
SHA1 8e495786e4754d895042d1c8b29ccec5c4705efe
SHA256 fba7aa8767fd5c24507c221c74148560e35652fd72364723ec446f0ba9762a91
SHA512 f3801cfaf9ffccffe7a0f8659bd8909357f408c9c9e4b23e81fdffa55722856c0c575227c983020fac198d0a47004224fae2bd5220b8436c6c1c2ff998a211f5

C:\Users\Admin\Documents\ef798468db36b921f6c2830f5eb95c6e31b5e118f10a0aea9e944960cdf96a16.zip

MD5 996010931424183f39830f3b0b490959
SHA1 dd940d15a0f0a8622101200d6cc24825c40ab25f
SHA256 86016e72b49fdb35331cbc631df88864badb2c3d708f24051d5853d9e196ab76
SHA512 dc93402c1d58674b15e0ce2b9bfb6e2f473d8c0c9cc8f1afec32191f5706e2804c1066476122ed3d761e3fe1f1208eb435cdfde2e649fcfcf2f54919cf77dda5

C:\Users\Admin\Documents\e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd.zip

MD5 8013ce48138aed1935e4e12741c428ac
SHA1 333fb899d2a0be6838c295b164d9a085eb95834d
SHA256 f8f085f61eb7fef3c3382cfc7ee97ecdebdec39aa21f0148d1ac7c6264612a65
SHA512 e6530f02fbf07e4ee8cffbada800e2d8374a03cbe76f4828e0239f2f8cba664f9ad0daaa7065d4777e231309b4edb6233241b388a3ca82e9a5defa98d9599265

C:\Users\Admin\Desktop\00034b98e4fa0f708fd27b7d3fec587058729f096c882f8f8b45bfcef7381ebd\00034b98e4fa0f708fd27b7d3fec587058729f096c882f8f8b45bfcef7381ebd.exe

MD5 cf0c5808d5b0b6d50babfe2244978480
SHA1 816bb15e67acbf13172603682e279c46f26c809e
SHA256 00034b98e4fa0f708fd27b7d3fec587058729f096c882f8f8b45bfcef7381ebd
SHA512 18496d8bfd4b6db6d5e8aeda93da5ad372b2d9a33f3be9a6c956f8ef80baeed07b5015105558a99cc807c18dc5fca8809a0c268f96a5c7eb5d4330d2482c33e3

C:\Users\Admin\Desktop\1249e91509e86189a4366623642f4f145bdeaae21e1ff8408a8e43ca7e3f996e\1249e91509e86189a4366623642f4f145bdeaae21e1ff8408a8e43ca7e3f996e.exe

MD5 8c3e6666d0c357de91d364231296c2ca
SHA1 f0898b0471770626823c04d54c3772edbe861b56
SHA256 1249e91509e86189a4366623642f4f145bdeaae21e1ff8408a8e43ca7e3f996e
SHA512 83563a6aeb03fb9dfa9476f8d284ed42b1a40b8b07f8c2328f7265b9a642183387fe190b759e9c0e400056b95c74acc710929a83afe440c828d5865c79237962

memory/1572-692-0x0000000002590000-0x0000000002690000-memory.dmp

memory/1572-693-0x0000000003F30000-0x0000000003F64000-memory.dmp

memory/1572-694-0x0000000000400000-0x00000000022E2000-memory.dmp

C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe

MD5 a2bbc22f2f79b5fbad04b8abd98347c5
SHA1 542568d91718f25fb52c802fb20934b90a035c26
SHA256 d71dce3927eb1e8cefd2720c003e988c2373abbba983c12f830c1411da4b318d
SHA512 13d7418a4a54fe7f3784b461e1228d0a4a10106592f10f709e20675d669658eba98edd75a6fc92e59e74f3f64ba9ed1ce34e1af4b4340f2718e27035f3367475

C:\Users\Admin\Desktop\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019\1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019.exe

MD5 c8563b2ecb3b0d8320758fe26142c312
SHA1 59aa8b78751b63dcaf0d3e70e4af994af97f19b1
SHA256 222ad19ac1b1401a3c2c8a53f9d12ae00446868fd5bc995a88fb5bc0ecd313fb
SHA512 170f5fe31bdca9a0a723417a7d6113a871a31bce73a11c42c2b0408939f10f9074123bd2104e874d71e400f3934c2beb9e5e3c470e92a2d8ff6c86d59163c235

memory/896-707-0x00000000001F0000-0x0000000000590000-memory.dmp

memory/896-708-0x00007FFDFCE40000-0x00007FFDFD82C000-memory.dmp

memory/896-709-0x0000000000E00000-0x0000000000E01000-memory.dmp

memory/896-710-0x000000001B360000-0x000000001B370000-memory.dmp

memory/1572-711-0x0000000000400000-0x00000000022E2000-memory.dmp

memory/896-712-0x000000001B360000-0x000000001B370000-memory.dmp

memory/896-715-0x000000001B360000-0x000000001B370000-memory.dmp

memory/896-716-0x00007FFE17BE0000-0x00007FFE17BE1000-memory.dmp

memory/896-714-0x000000001B2B0000-0x000000001B2D6000-memory.dmp

memory/896-718-0x0000000002670000-0x000000000267E000-memory.dmp

memory/896-719-0x00007FFE17BD0000-0x00007FFE17BD1000-memory.dmp

memory/896-722-0x00007FFE17BC0000-0x00007FFE17BC1000-memory.dmp

memory/896-721-0x00000000027B0000-0x00000000027CC000-memory.dmp

memory/896-723-0x000000001B470000-0x000000001B4C0000-memory.dmp

memory/1572-726-0x0000000002590000-0x0000000002690000-memory.dmp

memory/896-725-0x0000000002680000-0x0000000002690000-memory.dmp

memory/896-727-0x00007FFE17BB0000-0x00007FFE17BB1000-memory.dmp

memory/896-729-0x000000001B300000-0x000000001B318000-memory.dmp

memory/896-731-0x0000000002690000-0x00000000026A0000-memory.dmp

memory/896-732-0x00007FFE17BA0000-0x00007FFE17BA1000-memory.dmp

memory/896-734-0x000000001B2E0000-0x000000001B2F0000-memory.dmp

C:\Users\Admin\Desktop\e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd\e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd.exe

MD5 021b477ace5e87113272fd8b16830051
SHA1 d55ddb61b67e53245adc5bd12822ea56f1602820
SHA256 e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd
SHA512 ef8c8ff1ff3326848becef2615bd2a629dd1eced13c9b9776d75f3a5cfd2e913324422f806264126befdd0d6908d16be081218ab61fe20ef95111cf9a41c8817

memory/896-736-0x00007FFDFCE40000-0x00007FFDFD82C000-memory.dmp

memory/896-740-0x00007FFE17B80000-0x00007FFE17B81000-memory.dmp

memory/896-737-0x00007FFE17B90000-0x00007FFE17B91000-memory.dmp

memory/3016-741-0x0000000002350000-0x000000000238D000-memory.dmp

memory/3016-744-0x00000000025A0000-0x00000000026A0000-memory.dmp

memory/1600-746-0x0000000000400000-0x000000000043F000-memory.dmp

memory/1440-747-0x0000000001480000-0x0000000001490000-memory.dmp

memory/896-748-0x000000001B360000-0x000000001B370000-memory.dmp

memory/1600-750-0x0000000000400000-0x000000000043F000-memory.dmp

memory/896-752-0x000000001B340000-0x000000001B352000-memory.dmp

memory/896-745-0x00007FFE17B70000-0x00007FFE17B71000-memory.dmp

memory/896-743-0x000000001B2F0000-0x000000001B2FE000-memory.dmp

memory/1600-753-0x0000000000400000-0x000000000043F000-memory.dmp

memory/896-755-0x000000001B320000-0x000000001B32C000-memory.dmp

memory/896-758-0x000000001B330000-0x000000001B340000-memory.dmp

memory/1440-756-0x0000000071E60000-0x0000000072410000-memory.dmp

memory/1600-759-0x0000000000400000-0x000000000043F000-memory.dmp

memory/896-761-0x000000001B4E0000-0x000000001B4F6000-memory.dmp

memory/896-763-0x000000001B500000-0x000000001B512000-memory.dmp

memory/896-764-0x000000001BA50000-0x000000001BF76000-memory.dmp

memory/1440-765-0x0000000071E60000-0x0000000072410000-memory.dmp

memory/896-767-0x000000001B4C0000-0x000000001B4CE000-memory.dmp

memory/896-769-0x000000001B360000-0x000000001B370000-memory.dmp

memory/896-770-0x00007FFE17B20000-0x00007FFE17B21000-memory.dmp

memory/896-768-0x00007FFE17B40000-0x00007FFE17B41000-memory.dmp

memory/896-771-0x000000001B360000-0x000000001B370000-memory.dmp

memory/896-772-0x00007FFE17B50000-0x00007FFE17B51000-memory.dmp

memory/896-782-0x000000001B520000-0x000000001B530000-memory.dmp

memory/896-780-0x00007FFE17B10000-0x00007FFE17B11000-memory.dmp

memory/896-785-0x00007FFE17AF0000-0x00007FFE17AF1000-memory.dmp

memory/3472-784-0x0000000071E60000-0x0000000072410000-memory.dmp

memory/3472-783-0x0000000002F60000-0x0000000002F70000-memory.dmp

memory/896-778-0x00007FFE17B30000-0x00007FFE17B31000-memory.dmp

memory/896-776-0x00007FFE17B60000-0x00007FFE17B61000-memory.dmp

memory/896-775-0x000000001B4D0000-0x000000001B4DC000-memory.dmp

memory/3472-773-0x0000000000400000-0x000000000040C000-memory.dmp

memory/896-786-0x000000001B360000-0x000000001B370000-memory.dmp

memory/1440-787-0x0000000071E60000-0x0000000072410000-memory.dmp

memory/896-790-0x000000001B530000-0x000000001B540000-memory.dmp

memory/896-791-0x00007FFE17AE0000-0x00007FFE17AE1000-memory.dmp

memory/896-788-0x00007FFE17B00000-0x00007FFE17B01000-memory.dmp

memory/896-794-0x000000001B5A0000-0x000000001B5FA000-memory.dmp

memory/896-795-0x00007FFE17AD0000-0x00007FFE17AD1000-memory.dmp

memory/896-797-0x000000001B540000-0x000000001B54E000-memory.dmp

memory/896-798-0x00007FFE17AC0000-0x00007FFE17AC1000-memory.dmp

C:\Program Files\Windows Security\BrowserCore\winlogon.exe

MD5 43bbafc12e49652af85ab568e36e0df4
SHA1 095b183bcd5ad3f71e8e2487d7adf195d6178c9f
SHA256 4fe4fee5275b50cde3dce19ac69e6a2577f9bcb79dd2ef47e8b7fda80cf3db64
SHA512 30eca3485ccfe548c5023f69df9466b3323d40daa818f4db46095a7c2079b8fdc4eb9114eaae72486378afe5ed9ac8cd7178c8cc44d50dcb75d467bd43b06776

C:\Users\Admin\AppData\Local\Temp\PsnJ6b3PSK.bat

MD5 adba1b557a8db9ca0077fab0c8971106
SHA1 b676220495ff3ed8c20a0990c6d2f6994f447afd
SHA256 3880662e4c4c142041dc2335d7f86f2ffd82bcd6758ac1252cb2b8859f709b28
SHA512 3d4aece24badee5a8a7fa55c1a827b4eb6ac469263344e6e1961bbf468168aed231e47aecd7d57bc47c05663ccb2dd0f79845cfbd40a81c7c140d0679a18f662

C:\Users\Admin\Desktop\ef798468db36b921f6c2830f5eb95c6e31b5e118f10a0aea9e944960cdf96a16\ef798468db36b921f6c2830f5eb95c6e31b5e118f10a0aea9e944960cdf96a16.exe

MD5 9263197aa58e0e5bce76cce8f6323a9c
SHA1 06cf5f4f2c3b8a7cbf8064f15f4e6f988197470b
SHA256 ef798468db36b921f6c2830f5eb95c6e31b5e118f10a0aea9e944960cdf96a16
SHA512 cdf2f98ac3aa9efddb8908ce1101f429bb390617638d3fdd1ad698fa03727c183879d68a4a1ee8b15a12b1f7c840b8d6df1f6fb63a95ff2ce8d0e5a40bd77fab

memory/2660-841-0x0000000000400000-0x0000000000449000-memory.dmp

memory/2660-846-0x0000000000400000-0x0000000000449000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd.exe.log

MD5 0fd7fe88736c9a4c8ec918b1552b85ac
SHA1 9882bb999e92b1330bb88f202eb7367161fe4a51
SHA256 d15c16c1ac146263045f35409849797dce4e74095ac9057f51fe530472af13df
SHA512 0ff9ef334e4cc9fd6f1e1fdb5aa3b0a8aa13d5f674b48a74fc9ca15c8e25e1c63fd81e1c1fbed03350c4de3bd93b662cd69fd71b21b7be50a45ca1b536f8cb10

C:\Windows\SysWOW64\XPSViewer\de-DE\ApplicationFrameHost.exe

MD5 2cf3bc503cd59cac681f7c7cdf6f2965
SHA1 bafc3373e24b06393ad2ee724f5d1dcda90dafe1
SHA256 1978044967a8e1c7f632630bc906c6d66b0e64c3563455da5a4b029d00cc9019
SHA512 c6e33590ef38a8c54bb56f4e137f5d4de14da7320b7a409b9f989f7bb1055610bca03b8065d3bd32038d43b2cd8c54c930b5fd09e2d766465ddcbc8f3028b0e9

memory/1600-924-0x0000000000400000-0x000000000043F000-memory.dmp

memory/3212-943-0x0000000001300000-0x00000000013AE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tXGl5KOL28.bat

MD5 8b8f4e80cfa1a9a34653002e95df3290
SHA1 f7558b18c88204bc6303487ca07d55124a4e068a
SHA256 4b5b731fc3617dea657db348a77e6e70a30928330b2a43eb3513d0c45aa3edde
SHA512 a387b90b7803999b4db45c29b9038b14f74a730e2e95dca78b1a62fb06b8cb8079b73a45d328515c1320cbfa7de7347fa01c2263cc63e90fa6fe9db337d1fca4

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ApplicationFrameHost.exe.log

MD5 bb987b943ab9637f57b430c5c3c7f120
SHA1 06fe9081a43d23c9537f44a3cef2de6826e9cf42
SHA256 651c0afdea1507e6c6be1f97f003c2f40000403504adb5c9f3d581b3349c492f
SHA512 6221bbcf0a618f7cbb25238d6fbb3d75d3d03ca3df4f806b0991ab0fa43ad783acf549c81724c7e65eebebe6ca70557ff874b8d74708447a9999c0ef0558c6f5

memory/3212-958-0x00000000070C0000-0x00000000070E4000-memory.dmp

memory/3212-959-0x00000000070C0000-0x00000000070E3000-memory.dmp

memory/3212-960-0x00000000070F0000-0x0000000007113000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\fVfPD2qQtb.bat

MD5 f3f9cc2ec8c9b63f225099877394ec82
SHA1 5a8627f71ac9db8e8e0f715f31edb5383887ea6c
SHA256 a91acfd3edea8d3f1a4773319d880533314062024f5ad20ac1329d2dbd57fbda
SHA512 53f3fe0a563b0e053001c3680247d4635b54dbc767c074810e1a8447c3a61f9e67247c4519094059d8a7a26ecefd20b3eca95da33d147ddc0953dcbeb8d47e9c

C:\Users\Admin\AppData\Local\Temp\nE1uIQLIWX.bat

MD5 55e35d4f2a5c90922603862f84858c3b
SHA1 99d4c597cc3ce99731809d50d5b1c13281c6783e
SHA256 4fe3c2978de9726ec42dfdf6b2e0e5dca04d0bf2cf53843d02ed4d8929528459
SHA512 a2d4ff90a942123348bba40d78a5e07db56f9842649684bae82f367f16959cc0f872293ba1e87fbbb8762706a1926d7a1c999e0337b851c20e48000b1cae34bb

C:\Users\Admin\AppData\Local\Temp\b5cCzjWvuk.bat

MD5 4416e3f74dacc7fa5fa5697c4517a783
SHA1 a8d6a3e95be895ad7083de7e598f717db2293c0a
SHA256 ed65fdf9878acf241ea25ee62b41d3edc0f4329369da6d5cb976aff84f58c818
SHA512 98b6c69de9af9f2f5336e99cc32b2cf728037921dff1f59e66cd820da2aaa345a81bff5e49919883601c497e2afddeb101093bfbc0d4e4ce473863c6d7345016