Analysis

  • max time kernel
    465s
  • max time network
    475s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    01-03-2024 13:35

General

  • Target

    file.html

  • Size

    92KB

  • MD5

    a5562080bbee34a4c4b4066b69206e80

  • SHA1

    5c35070db763e370862ef746215b72a7b5ac4dfc

  • SHA256

    e2bc20d0cf6aaec78f25a06218bf7029578657dc87c35b3d738dc559f3c97026

  • SHA512

    95c2e5f3c349f753198f5ef73229bc0ddc37bbb6913dda28b57313ef3f990648149d7de53b12c16527548a2dac5c9dc9c506dfee7cbe764ec9946b2c02fd9257

  • SSDEEP

    1536:uiTaQ50ZoTgAJuHnjde83Ml83Mn1CyKxzmFMtH4cZo1sqzptNPnJPfkH80r8GB5I:uiVgAkHnjP16cqfs0Z

Malware Config

Extracted

Family

redline

Botnet

@dxrkl0rd

C2

45.15.156.167:80

Signatures

  • Detect ZGRat V1 4 IoCs
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 4 IoCs
  • ZGRat

    ZGRat is a remote access trojan written in C#.

  • CryptOne packer 1 IoCs

    Detects the CryptOne packer as defined in the NCC blog post.

  • Downloads MZ/PE file
  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Modifies registry class 64 IoCs
  • Opens file in notepad (likely ransom note) 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 5 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3592
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffe27c9758,0x7fffe27c9768,0x7fffe27c9778
      2⤵
        PID:2756
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1768,i,3335642123024318311,11214767049159115521,131072 /prefetch:2
        2⤵
          PID:4732
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1768,i,3335642123024318311,11214767049159115521,131072 /prefetch:8
          2⤵
            PID:1468
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1768,i,3335642123024318311,11214767049159115521,131072 /prefetch:8
            2⤵
              PID:4276
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1768,i,3335642123024318311,11214767049159115521,131072 /prefetch:1
              2⤵
                PID:3680
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1768,i,3335642123024318311,11214767049159115521,131072 /prefetch:1
                2⤵
                  PID:1084
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4628 --field-trial-handle=1768,i,3335642123024318311,11214767049159115521,131072 /prefetch:1
                  2⤵
                    PID:1140
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1768,i,3335642123024318311,11214767049159115521,131072 /prefetch:8
                    2⤵
                      PID:2100
                    • C:\Program Files\7-Zip\7zFM.exe
                      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Aurora X [by RyosX].rar"
                      2⤵
                      • Suspicious behavior: GetForegroundWindowSpam
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of FindShellTrayWindow
                      PID:4300
                  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                    1⤵
                      PID:4928
                    • C:\Program Files\7-Zip\7zFM.exe
                      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Aurora_V2.rar"
                      1⤵
                      • Suspicious behavior: GetForegroundWindowSpam
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of FindShellTrayWindow
                      PID:2396
                    • C:\Windows\System32\rundll32.exe
                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                      1⤵
                        PID:2248
                      • C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe
                        "C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe"
                        1⤵
                        • Executes dropped EXE
                        • Suspicious behavior: EnumeratesProcesses
                        PID:784
                        • C:\Users\Admin\AppData\Local\Temp\conhost.exe
                          "C:\Users\Admin\AppData\Local\Temp\conhost.exe"
                          2⤵
                          • Executes dropped EXE
                          PID:3576
                          • C:\Windows\system32\cmd.exe
                            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
                            3⤵
                              PID:2012
                              • C:\Windows\system32\mode.com
                                mode 65,10
                                4⤵
                                  PID:2960
                                • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                                  7z.exe e file.zip -p146312891125116171371883110193 -oextracted
                                  4⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  PID:1056
                                • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                                  7z.exe e extracted/file_2.zip -oextracted
                                  4⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  PID:4884
                                • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                                  7z.exe e extracted/file_1.zip -oextracted
                                  4⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  PID:4756
                                • C:\Windows\system32\attrib.exe
                                  attrib +H "Installer.exe"
                                  4⤵
                                  • Views/modifies file attributes
                                  PID:3892
                                • C:\Users\Admin\AppData\Local\Temp\main\Installer.exe
                                  "Installer.exe"
                                  4⤵
                                  • Executes dropped EXE
                                  • Suspicious use of SetThreadContext
                                  PID:1044
                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                                    5⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4588
                                    • C:\Windows\SysWOW64\cmd.exe
                                      "cmd.exe" /C powershell -EncodedCommand "PAAjAEsAYQBLAGYAVwBPAEIAIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwAwAFcAUgA4ADcASABuAEIAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMAYQBVADEAQgBWADYAcAB2AHUAMAAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBWAE0ANgB2AEoAUwBTADIAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
                                      6⤵
                                        PID:4364
                                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          powershell -EncodedCommand "PAAjAEsAYQBLAGYAVwBPAEIAIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwAwAFcAUgA4ADcASABuAEIAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMAYQBVADEAQgBWADYAcAB2AHUAMAAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBWAE0ANgB2AEoAUwBTADIAIwA+AA=="
                                          7⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:2772
                                      • C:\Windows\SysWOW64\cmd.exe
                                        "cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                                        6⤵
                                          PID:5072
                                        • C:\Windows\SysWOW64\cmd.exe
                                          "cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk328" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                                          6⤵
                                            PID:2504
                                  • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Suspicious use of SetThreadContext
                                    PID:2392
                                    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                      C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                      3⤵
                                        PID:4168
                                        • C:\Windows\SysWOW64\WerFault.exe
                                          C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 1120
                                          4⤵
                                          • Program crash
                                          PID:4784
                                      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                        "powershell.exe" Remove -ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'kwweifjdskdv';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'kwweifjdskdv' -Value '"C:\Users\Admin\AppData\Local\kwweifjdskdv\kwweifjdskdv.exe"' -PropertyType 'String'
                                        3⤵
                                        • Adds Run key to start application
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:1816
                                  • C:\Windows\system32\NOTEPAD.EXE
                                    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Aurora_V2\Aurora.txt
                                    1⤵
                                    • Opens file in notepad (likely ransom note)
                                    • Suspicious use of FindShellTrayWindow
                                    PID:2092
                                  • C:\Windows\system32\OpenWith.exe
                                    C:\Windows\system32\OpenWith.exe -Embedding
                                    1⤵
                                    • Suspicious behavior: GetForegroundWindowSpam
                                    • Suspicious use of SetWindowsHookEx
                                    PID:3328
                                    • C:\Windows\system32\NOTEPAD.EXE
                                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Aurora_V2\scripts\scripts.dll
                                      2⤵
                                      • Opens file in notepad (likely ransom note)
                                      PID:2840
                                  • C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe
                                    "C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe"
                                    1⤵
                                    • Executes dropped EXE
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:2260
                                  • C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe
                                    "C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe"
                                    1⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    PID:4820
                                    • C:\Windows\SysWOW64\WerFault.exe
                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 700
                                      2⤵
                                      • Program crash
                                      PID:3332
                                  • C:\Windows\system32\taskmgr.exe
                                    "C:\Windows\system32\taskmgr.exe" /7
                                    1⤵
                                    • Drops file in Windows directory
                                    • Checks SCSI registry key(s)
                                    • Checks processor information in registry
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SendNotifyMessage
                                    PID:712
                                  • C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe
                                    "C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe"
                                    1⤵
                                    • Executes dropped EXE
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:948
                                  • C:\Windows\System32\notepad.exe
                                    "C:\Windows\System32\notepad.exe" "C:\Users\Admin\Desktop\WaitInvoke.ps1"
                                    1⤵
                                    • Opens file in notepad (likely ransom note)
                                    PID:32
                                  • C:\Windows\system32\OpenWith.exe
                                    C:\Windows\system32\OpenWith.exe -Embedding
                                    1⤵
                                    • Modifies registry class
                                    • Suspicious behavior: GetForegroundWindowSpam
                                    • Suspicious use of SetWindowsHookEx
                                    PID:2420
                                  • C:\Windows\System32\WScript.exe
                                    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\InstallMount.vbs"
                                    1⤵
                                      PID:1108
                                    • C:\Program Files\7-Zip\7zFM.exe
                                      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\SwitchClear.rar"
                                      1⤵
                                        PID:4220
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                        1⤵
                                        • Enumerates system info in registry
                                        • Modifies data under HKEY_USERS
                                        • Suspicious behavior: EnumeratesProcesses
                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                        PID:4064
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffd1b99758,0x7fffd1b99768,0x7fffd1b99778
                                          2⤵
                                            PID:2556
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=480 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:2
                                            2⤵
                                              PID:3872
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:8
                                              2⤵
                                                PID:4668
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:8
                                                2⤵
                                                  PID:1872
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2828 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:1
                                                  2⤵
                                                    PID:1588
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:1
                                                    2⤵
                                                      PID:708
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:1
                                                      2⤵
                                                        PID:2452
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3880 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:1
                                                        2⤵
                                                          PID:980
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4828 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:1
                                                          2⤵
                                                            PID:4708
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4944 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:1
                                                            2⤵
                                                              PID:2204
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:8
                                                              2⤵
                                                                PID:3264
                                                              • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
                                                                "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
                                                                2⤵
                                                                  PID:596
                                                                  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
                                                                    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff793177688,0x7ff793177698,0x7ff7931776a8
                                                                    3⤵
                                                                      PID:3704
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2960 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:8
                                                                    2⤵
                                                                      PID:1196
                                                                    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
                                                                      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
                                                                      2⤵
                                                                        PID:4664
                                                                        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
                                                                          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff793177688,0x7ff793177698,0x7ff7931776a8
                                                                          3⤵
                                                                            PID:3976
                                                                      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                        1⤵
                                                                          PID:4620
                                                                        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                                                                          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                                                                          1⤵
                                                                          • Drops file in Windows directory
                                                                          • Modifies registry class
                                                                          PID:436
                                                                        • C:\Windows\system32\browser_broker.exe
                                                                          C:\Windows\system32\browser_broker.exe -Embedding
                                                                          1⤵
                                                                          • Modifies Internet Explorer settings
                                                                          PID:1356
                                                                        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                                          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                                          1⤵
                                                                          • Modifies registry class
                                                                          • Suspicious behavior: MapViewOfSection
                                                                          PID:4164
                                                                        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                                          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                                          1⤵
                                                                          • Drops file in Windows directory
                                                                          • Modifies Internet Explorer settings
                                                                          • Modifies registry class
                                                                          PID:2088
                                                                        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                                          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                                          1⤵
                                                                          • Drops file in Windows directory
                                                                          • Modifies registry class
                                                                          PID:5104
                                                                        • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
                                                                          "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
                                                                          1⤵
                                                                            PID:3076
                                                                            • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
                                                                              "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
                                                                              2⤵
                                                                                PID:4628
                                                                              • C:\Windows\SysWOW64\unregmp2.exe
                                                                                "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
                                                                                2⤵
                                                                                  PID:4196
                                                                                  • C:\Windows\System32\unregmp2.exe
                                                                                    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
                                                                                    3⤵
                                                                                    • Enumerates connected drives
                                                                                    PID:2544
                                                                              • C:\Windows\System32\SystemSettingsBroker.exe
                                                                                C:\Windows\System32\SystemSettingsBroker.exe -Embedding
                                                                                1⤵
                                                                                  PID:4356
                                                                                • \??\c:\windows\system32\svchost.exe
                                                                                  c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
                                                                                  1⤵
                                                                                    PID:5084
                                                                                  • \??\c:\windows\system32\svchost.exe
                                                                                    c:\windows\system32\svchost.exe -k localservice -s SstpSvc
                                                                                    1⤵
                                                                                      PID:3876
                                                                                    • C:\Windows\system32\svchost.exe
                                                                                      C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
                                                                                      1⤵
                                                                                      • Checks SCSI registry key(s)
                                                                                      • Modifies data under HKEY_USERS
                                                                                      PID:1248
                                                                                    • \??\c:\windows\system32\svchost.exe
                                                                                      c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
                                                                                      1⤵
                                                                                      • Drops file in Windows directory
                                                                                      PID:4844
                                                                                    • \??\c:\windows\system32\svchost.exe
                                                                                      c:\windows\system32\svchost.exe -k netsvcs -s RasMan
                                                                                      1⤵
                                                                                        PID:1060
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                        1⤵
                                                                                        • Enumerates system info in registry
                                                                                        • Modifies data under HKEY_USERS
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                        PID:5088
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffd1b99758,0x7fffd1b99768,0x7fffd1b99778
                                                                                          2⤵
                                                                                            PID:2576
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:2
                                                                                            2⤵
                                                                                              PID:1092
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:8
                                                                                              2⤵
                                                                                                PID:1644
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:8
                                                                                                2⤵
                                                                                                  PID:2524
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:4336
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:3284
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4432 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:4688
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:8
                                                                                                        2⤵
                                                                                                          PID:2308
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:8
                                                                                                          2⤵
                                                                                                            PID:5108
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4828 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:3892
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1848 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:4448
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4436 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:1620
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:8
                                                                                                                  2⤵
                                                                                                                    PID:1292
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5596 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:4196
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5632 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:2488
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5816 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:4756
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5952 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:2772
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4784 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                            2⤵
                                                                                                                              PID:3192
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5420 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                              2⤵
                                                                                                                                PID:736
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6088 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                                2⤵
                                                                                                                                  PID:4796
                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2980 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                                  2⤵
                                                                                                                                    PID:1748
                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2892 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                                    2⤵
                                                                                                                                      PID:3904
                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3856 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                                      2⤵
                                                                                                                                        PID:3184
                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6548 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                                        2⤵
                                                                                                                                          PID:2052
                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6828 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:8
                                                                                                                                          2⤵
                                                                                                                                            PID:5496
                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7024 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                                            2⤵
                                                                                                                                              PID:5668
                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7064 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                                              2⤵
                                                                                                                                                PID:5680
                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7080 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                                                2⤵
                                                                                                                                                  PID:5712
                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7312 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                                                  2⤵
                                                                                                                                                    PID:5860
                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7412 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                                                    2⤵
                                                                                                                                                      PID:5868
                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7056 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                                                      2⤵
                                                                                                                                                        PID:6040
                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7348 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                                                        2⤵
                                                                                                                                                          PID:6048
                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8008 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
                                                                                                                                                          2⤵
                                                                                                                                                            PID:4620
                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4448 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:2
                                                                                                                                                            2⤵
                                                                                                                                                              PID:5968
                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                                                                                            1⤵
                                                                                                                                                              PID:4132
                                                                                                                                                            • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                                                                                              "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SwitchEdit.3gp"
                                                                                                                                                              1⤵
                                                                                                                                                              • Suspicious behavior: AddClipboardFormatListener
                                                                                                                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                              PID:1356

                                                                                                                                                            Network

                                                                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                                                                            Downloads

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                                                                                              Filesize

                                                                                                                                                              40B


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

                                                                                                                                                              Filesize

                                                                                                                                                              44KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

                                                                                                                                                              Filesize

                                                                                                                                                              264KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

                                                                                                                                                              Filesize

                                                                                                                                                              195KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

                                                                                                                                                              Filesize

                                                                                                                                                              62KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                              Filesize

                                                                                                                                                              168B


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                              Filesize

                                                                                                                                                              168B


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                              Filesize

                                                                                                                                                              1KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

                                                                                                                                                              Filesize

                                                                                                                                                              148KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal

                                                                                                                                                              Filesize

                                                                                                                                                              8KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

                                                                                                                                                              Filesize

                                                                                                                                                              344B


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

                                                                                                                                                              Filesize

                                                                                                                                                              329B


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                              Filesize

                                                                                                                                                              2KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                              Filesize

                                                                                                                                                              13KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                              Filesize

                                                                                                                                                              1KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                              Filesize

                                                                                                                                                              1KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                              Filesize

                                                                                                                                                              869B


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                              Filesize

                                                                                                                                                              871B


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                              Filesize

                                                                                                                                                              871B


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                              Filesize

                                                                                                                                                              3KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                              Filesize

                                                                                                                                                              871B


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                              Filesize

                                                                                                                                                              5KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                              Filesize

                                                                                                                                                              5KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                              Filesize

                                                                                                                                                              871B


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                              Filesize

                                                                                                                                                              5KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                              Filesize

                                                                                                                                                              6KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                              Filesize

                                                                                                                                                              7KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                              Filesize

                                                                                                                                                              7KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                              Filesize

                                                                                                                                                              5KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                              Filesize

                                                                                                                                                              6KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                              Filesize

                                                                                                                                                              5KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                              Filesize

                                                                                                                                                              6KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                              Filesize

                                                                                                                                                              5KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                              Filesize

                                                                                                                                                              6KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                              Filesize

                                                                                                                                                              7KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                              Filesize

                                                                                                                                                              6KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13353773774712138

                                                                                                                                                              Filesize

                                                                                                                                                              3KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

                                                                                                                                                              Filesize

                                                                                                                                                              345B


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                                                                              Filesize

                                                                                                                                                              321B


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

                                                                                                                                                              Filesize

                                                                                                                                                              128KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d0bd61af-d41c-44a9-886d-14f4e9de7429.tmp

                                                                                                                                                              Filesize

                                                                                                                                                              1B

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

                                                                                                                                                              Filesize

                                                                                                                                                              2KB

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

                                                                                                                                                              Filesize

                                                                                                                                                              317B

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

                                                                                                                                                              Filesize

                                                                                                                                                              918B

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

                                                                                                                                                              Filesize

                                                                                                                                                              335B

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

                                                                                                                                                              Filesize

                                                                                                                                                              14B

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                              Filesize

                                                                                                                                                              130KB

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                              Filesize

                                                                                                                                                              130KB

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                              Filesize

                                                                                                                                                              130KB

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                              Filesize

                                                                                                                                                              256KB

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                              Filesize

                                                                                                                                                              256KB

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                                                              Filesize

                                                                                                                                                              99KB

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5e3b13.TMP

                                                                                                                                                              Filesize

                                                                                                                                                              92KB

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

                                                                                                                                                              Filesize

                                                                                                                                                              264KB

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

                                                                                                                                                              Filesize

                                                                                                                                                              86B

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                                                                                                                              Filesize

                                                                                                                                                              2B


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log

                                                                                                                                                              Filesize

                                                                                                                                                              2KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

                                                                                                                                                              Filesize

                                                                                                                                                              2KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

                                                                                                                                                              Filesize

                                                                                                                                                              64KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

                                                                                                                                                              Filesize

                                                                                                                                                              9KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                              Filesize

                                                                                                                                                              19KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4ZT7HBN4\favicon[1].ico

                                                                                                                                                              Filesize

                                                                                                                                                              1KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF9708DEBD98BDFC96.TMP

                                                                                                                                                              Filesize

                                                                                                                                                              16KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xclen0n2.mg0.ps1

                                                                                                                                                              Filesize

                                                                                                                                                              1B


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\conhost.exe

                                                                                                                                                              Filesize

                                                                                                                                                              2.9MB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\main\7z.dll

                                                                                                                                                              Filesize

                                                                                                                                                              1.6MB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\main\7z.exe

                                                                                                                                                              Filesize

                                                                                                                                                              458KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\main\7z.exe

                                                                                                                                                              Filesize

                                                                                                                                                              448KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\main\Installer.exe

                                                                                                                                                              Filesize

                                                                                                                                                              384KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\main\extracted\ANTIAV~1.DAT

                                                                                                                                                              Filesize

                                                                                                                                                              384KB


                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_1.zip

                                                                                                                                                              Filesize

                                                                                                                                                              448KB

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_2.zip

                                                                                                                                                              Filesize

                                                                                                                                                              832KB

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\main\file.bin

                                                                                                                                                              Filesize

                                                                                                                                                              1.9MB

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\main\main.bat

                                                                                                                                                              Filesize

                                                                                                                                                              476B

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\svchost.exe

                                                                                                                                                              Filesize

                                                                                                                                                              64KB

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\svchost.exe

                                                                                                                                                              Filesize

                                                                                                                                                              3.7MB

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmp32359.WMC\allservices.xml

                                                                                                                                                              Filesize

                                                                                                                                                              546B

                                                                                                                                                            • C:\Users\Admin\AppData\Local\kwweifjdskdv\kwweifjdskdv.exe

                                                                                                                                                              Filesize

                                                                                                                                                              6.6MB

                                                                                                                                                            • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

                                                                                                                                                              Filesize

                                                                                                                                                              75B

                                                                                                                                                            • C:\Users\Admin\Desktop\Aurora_V2.rar

                                                                                                                                                              Filesize

                                                                                                                                                              7.8MB

                                                                                                                                                            • C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe

                                                                                                                                                              Filesize

                                                                                                                                                              620KB

                                                                                                                                                            • C:\Users\Admin\Desktop\Aurora_V2\scripts\scripts.dll

                                                                                                                                                              Filesize

                                                                                                                                                              16.6MB

                                                                                                                                                            • C:\Users\Admin\Downloads\Aurora X [by RyosX].rar

                                                                                                                                                              Filesize

                                                                                                                                                              7.8MB

                                                                                                                                                            • C:\Windows\INF\netrasa.PNF

                                                                                                                                                              Filesize

                                                                                                                                                              22KB

                                                                                                                                                            • \??\pipe\crashpad_3592_CVDULAVDZXBUGIYD

                                                                                                                                                            • \Users\Admin\AppData\Local\Temp\Protect544cd51a.dll

                                                                                                                                                              Filesize

                                                                                                                                                              742KB

  • \Users\Admin\AppData\Local\Temp\main\7z.dll

    Filesize

    1.4MB

  • \Users\Admin\AppData\Local\Temp\main\7z.dll

    Filesize

    448KB



                                                                                                                                                            • memory/2392-178-0x0000000006600000-0x0000000006700000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              1024KB

                                                                                                                                                            • memory/2392-173-0x0000000006700000-0x0000000006A50000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              3.3MB

                                                                                                                                                            • memory/2772-269-0x00000000739B0000-0x000000007409E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              6.9MB

                                                                                                                                                            • memory/2772-278-0x0000000007750000-0x0000000007772000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              136KB

                                                                                                                                                            • memory/2772-275-0x0000000007780000-0x0000000007DA8000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              6.2MB

                                                                                                                                                            • memory/2772-279-0x0000000007F00000-0x0000000007F66000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              408KB

                                                                                                                                                            • memory/2772-277-0x0000000004BB0000-0x0000000004BC0000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              64KB

                                                                                                                                                            • memory/2772-287-0x0000000007E40000-0x0000000007E5C000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              112KB

                                                                                                                                                            • memory/2772-274-0x0000000004BB0000-0x0000000004BC0000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              64KB

                                                                                                                                                            • memory/2772-270-0x0000000004B10000-0x0000000004B46000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              216KB

                                                                                                                                                            • memory/4168-217-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              56KB

                                                                                                                                                            • memory/4168-230-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              56KB

                                                                                                                                                            • memory/4168-273-0x00000000739B0000-0x000000007409E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              6.9MB

                                                                                                                                                            • memory/4168-276-0x0000000004E90000-0x0000000004EA0000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              64KB

                                                                                                                                                            • memory/4168-214-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              56KB

                                                                                                                                                            • memory/4168-219-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              56KB

                                                                                                                                                            • memory/4168-218-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              56KB

                                                                                                                                                            • memory/4168-208-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              56KB

                                                                                                                                                            • memory/4168-216-0x0000000004E90000-0x0000000004EA0000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              64KB

                                                                                                                                                            • memory/4168-215-0x00000000739B0000-0x000000007409E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              6.9MB

                                                                                                                                                            • memory/4168-220-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              56KB

                                                                                                                                                            • memory/4168-221-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              56KB

                                                                                                                                                            • memory/4168-222-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              56KB

                                                                                                                                                            • memory/4168-232-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              56KB

                                                                                                                                                            • memory/4168-235-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              56KB

                                                                                                                                                            • memory/4168-233-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              56KB

                                                                                                                                                            • memory/4168-224-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              56KB

                                                                                                                                                            • memory/4168-227-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              56KB

                                                                                                                                                            • memory/4168-226-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              56KB

                                                                                                                                                            • memory/4588-244-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              48KB

                                                                                                                                                            • memory/4588-250-0x00000000739B0000-0x000000007409E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              6.9MB

                                                                                                                                                            • memory/4588-251-0x0000000005160000-0x0000000005170000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              64KB

                                                                                                                                                            • memory/4820-283-0x00000000010C0000-0x0000000001110000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              320KB

                                                                                                                                                            • memory/4820-289-0x00000000739B0000-0x000000007409E000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              6.9MB