Malware Analysis Report

2024-10-16 03:34

Sample ID 240423-dv1vhscc46
Target http://mf.dwnldro.com/fs/Y2LwSpNg8s
Tags
banload vidar 048d5e906358321b51376c6237a65c77 downloader dropper evasion persistence stealer trojan
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file http://mf.dwnldro.com/fs/Y2LwSpNg8s was found to be: Known bad.

Malicious Activity Summary

Vidar

Banload

Detect Vidar Stealer

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Registers COM server for autorun

Loads dropped DLL

Executes dropped EXE

Suspicious use of SetThreadContext

Program crash

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: MapViewOfSection

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Uses Volume Shadow Copy WMI provider

Suspicious use of FindShellTrayWindow

Modifies registry class

Enumerates system info in registry

Checks processor information in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Uses Volume Shadow Copy service COM API

Analysis: static1

Detonation Overview

Reported: 2024-04-23 03:20

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-23 03:20

Reported: 2024-04-23 03:24

Platform: win11-20240412-en

Max time kernel: 206s

Max time network: 201s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mf.dwnldro.com/fs/Y2LwSpNg8s

Signatures

Banload

trojan dropper downloader banload

Detect Vidar Stealer

stealer

Vidar

stealer vidar

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\LocalServer32 C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\Root\\Office16\\ONENOTE.EXE" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 456 set thread context of 3144 N/A C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe C:\Windows\SysWOW64\netsh.exe

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\BvInputDiag.exe

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583160511073736" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ntfhw C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\dgxab C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\cUedLosdjAy C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\BbzkAmfbdc C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\cUedLosdjAy\ = "FyHi}{\\fcYrBQmd`d~|e" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\okIroGnqMXppp\ = "wNNbpDf]vcIu]" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\wuBnvFWQbI\ = "BMPqippFtsfQxcpqUE~swmW~zVuq{y\x7f" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\BbzkAmfbdc C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\okIroGnqMXppp\ = "wO~bpDf_QwjYA" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ntfhw\ = "]iI`VgPvtAQWzkHiipRSnaDsRK]J" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\mtEdjBW C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\ntfhw\ = "~\x7f]|~OJ\\pqvFfbM@QuxD^e|ydOaD" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\dgxab\ = "PQ|^ZOgo@k[ZqnM|ApdeON" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\Root\\Office16\\ONENOTE.EXE" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\okIroGnqMXppp C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\mtEdjBW C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ = "Application Class" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\mtEdjBW\ = "|dM[\\iW\\mHG]JbflGErA\\JDsM{[rsN[" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\cUedLosdjAy C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\wuBnvFWQbI C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\okIroGnqMXppp C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\mtEdjBW\ = "bYhdOB^B~SYnnLhLBvV]qbs}S~eAJv`" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\okIroGnqMXppp\ = "M[QW@Sq`Fs]of" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\ntfhw C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ProgID C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\TypeLib C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\TypeLib\ = "{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\lwiztp C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\mtEdjBW\ = "bYhdOB^B~SYnnLhLBvV]qbs}SNeAJv`" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\cUedLosdjAy\ = "Fyxi}{\\fcYrBQmd`d~|e" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\lwiztp C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\BbzkAmfbdc\ = "ygKC\\\x7fQgcWQAyEn]Ry{a^@Tne" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\cUedLosdjAy\ = "_zd[\\~_DEdiFi\x7fGeg\x7fp[" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ProgID\ = "OneNote.Application.12" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\lwiztp\ = "lkkE@J@vuT`wRD{YnDiBvEs_m^" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\wuBnvFWQbI C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\lwiztp\ = "leUHeQgNFCCA^BAg~ThBgNrK[D" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\wuBnvFWQbI\ = "I|]TyUrLi@wGECHEmKUtRohUB}B]hrn" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\cUedLosdjAy\ = "_zT[\\~_DEdiFi\x7fGeg\x7fp[" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3} C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\LocalServer32 C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\dgxab\ = "@_m_cjCUkRahtEJ~_]uOZd" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\BbzkAmfbdc\ = "GYbHOV]d~{nK[bAK~WMRbciGk" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\okIroGnqMXppp\ = "MZaW@Sqbag~Cz" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649} C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\dgxab C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\mtEdjBW\ = "|dM[\\iW\\mHG]JbflGErA\\JDsMK[rsN[" C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\ProgramData\TEMP:8934AEBA C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A
File opened for modification C:\ProgramData\TEMP:8934AEBA C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3056 wrote to memory of 3156 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3056 wrote to memory of 1064 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3056 wrote to memory of 3548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3056 wrote to memory of 132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3056 wrote to memory of 132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3056 wrote to memory of 132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3056 wrote to memory of 132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3056 wrote to memory of 132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3056 wrote to memory of 132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3056 wrote to memory of 132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3056 wrote to memory of 132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mf.dwnldro.com/fs/Y2LwSpNg8s

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff84320ab58,0x7ff84320ab68,0x7ff84320ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1496 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2936 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4060 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4396 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4788 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4360 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3276 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3108 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3256 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4268 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4164 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4832 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5004 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4844 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4660 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004E0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\" -spe -an -ai#7zMap9062:166:7zEvent12332

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1812,i,1218106944221095411,17684096604473189272,131072 /prefetch:2

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\stich.pptx" /ou ""

C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe

"C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe"

C:\Windows\SysWOW64\netsh.exe

C:\Windows\SysWOW64\netsh.exe

C:\Users\Admin\AppData\Local\Temp\BvInputDiag.exe

C:\Users\Admin\AppData\Local\Temp\BvInputDiag.exe

C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe

"C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 484 -ip 484

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 1744

Network

Country Destination Domain Proto
US 8.8.8.8:53 mf.dwnldro.com udp
US 172.67.158.189:80 mf.dwnldro.com tcp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 172.67.188.178:443 iplogger.com tcp
US 172.67.188.178:443 iplogger.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 104.17.3.184:443 challenges.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.17.3.184:443 challenges.cloudflare.com udp
US 8.8.8.8:53 184.3.17.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 172.67.139.251:443 link.reditraff.online tcp
US 172.67.136.165:443 zsdsoftzfile.shop tcp
US 172.67.136.165:443 zsdsoftzfile.shop udp
US 192.0.78.26:443 href.li tcp
US 104.21.57.125:443 xfgsoftzfile.shop tcp
US 104.21.45.68:443 dpaste.org tcp
GB 216.58.204.68:443 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
GB 142.250.187.206:443 apis.google.com udp
LU 31.216.145.5:443 mega.nz tcp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
LU 66.203.125.16:443 g.api.mega.co.nz tcp
N/A 127.0.0.1:6341 tcp
LU 89.44.168.80:443 gfs270n370.userstorage.mega.co.nz tcp
US 8.8.8.8:53 46.28.109.52.in-addr.arpa udp
FR 52.109.68.129:443 roaming.officeapps.live.com tcp
NL 23.62.61.162:443 metadata.templates.cdn.office.net tcp
US 2.17.251.17:443 binaries.templates.cdn.office.net tcp
US 172.67.151.14:443 redddog.xyz tcp

Files

\??\pipe\crashpad_3056_XGBNVFCZIYDNVOVY

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs.zip:Zone.Identifier

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f973.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57fd4c.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\stich.pptx

C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\Setup.exe

C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\ACDBASE.DLL

C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\vcruntime140.dll

C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\thiourea.iso

MD5 adf37980c7df512be83b824675b17504
SHA1 157daddce6352ef9775fc176cb73bb45b349acdb
SHA256 5d9cdc30c4320f87451a888597c6478e11735c121f604eeab29737db63f443aa
SHA512 6775a654550387da6bd297441e7fddeea140490defda11ea2d92b8e6e5af0ce2ba82b2a1b984276d3c02ac275f59c5cb7d49c2d9cf8f92f8c5044dec3bde9e51

C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\libmmd.dll

MD5 b450502e725a31d8057b4eab0715725f
SHA1 d9c08c3d68b383eb783815ebac78b37003eab01c
SHA256 e7500acfa41668f641e1272d17ff33a2924b5c6a3cf61686b50789d5ace51c33
SHA512 4fed4bb2e5d29e0fd11907e6e01abaaf13860972bf90d798374e8e7900f143badd41869b93aa06cf15efddeb275bdf624e0b7f88816ff2dfd1f380aa0c19c1f5

memory/456-839-0x00007FF83FC60000-0x00007FF83FDDA000-memory.dmp

C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\api-ms-win-crt-convert-l1-1-0.dll

MD5 9f812bd3815909e559b15cb13489f294
SHA1 df751c956f59b4e3c82496d86895adc7cc1a1619
SHA256 ce6fcc2ddf21720c92bee04f5736a4787acffa970a1b0dbeea39ff5efec52c75
SHA512 0a360e8b81bf80cb6bdf240d627ddcf71b1a4ca42759de61b2d27fab521a8e6e3afa308cc69caf5a7c8b14d98d3d448f0d400ae1826cbe7d0f0ceafd14682064

C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\api-ms-win-crt-utility-l1-1-0.dll

MD5 8ed70910380aa0b28317512d72762cc0
SHA1 0421518370f24f9559f96459d0798d98b81ea732
SHA256 f15af0db93d9385ff9d8efdc06aacd0729d0dfcb66e91ca0243bb160f2ed89d0
SHA512 b31ef07eaac310fdd3df3546246e7dc696595b8e92141e3db79a44ddc3358b12129e3829a53c76d0fef214e3f29dba77fa5d556211830a140ea34ff62258d9d7

C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\api-ms-win-crt-time-l1-1-0.dll

MD5 6d35a57a6d8d569f870b96e00e7f1f4d
SHA1 8407bdb3cd5ec15b2ce738b3dbd704aa289ce3e1
SHA256 f41511e477a164eb9451ca51fb3810437f3b15f21e6f5c6ce0956e84ec823723
SHA512 4317b86d32ca93e5f0d832819cf1ab8af68e853a19eb07dd1fa4d168a0b2a8eab309194884ed3a613b09fc6d511be872a053f76f00ea443499006cdd226fea8f

memory/456-861-0x00007FF83FC60000-0x00007FF83FDDA000-memory.dmp

C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\api-ms-win-crt-string-l1-1-0.dll

MD5 d282a4fa046d05d40d138cc68c518914
SHA1 d5012090399f405ffe7d2fed09650e3544528322
SHA256 8b1471101145343da5f2c5981c515da4dfae783622ed71d40693fe59c3088d7a
SHA512 718926e728627f67ba60a391339b784accd861a15596f90d7f4e6292709ac3d170bcbca3cbf6267635136cb00b4f93da7dfd219fa0beee0cf8d95ce7090409e4

C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\api-ms-win-crt-stdio-l1-1-0.dll

MD5 97f24295c9bd6e1acae0c391e68a64cf
SHA1 75700dce304c45ec330a9405523f0f22e5dcbb18
SHA256 189d551fb3cba3dbb9b9c1797e127a52ac486d996f0ac7cba864fe35984a8d28
SHA512 cac75f623545c41b2597a25c14f2af7eb93e3e768b345d3b0e1928d8fd1f12bec39b18b8277f9550aa6a66d9cfe1bf6c3db93ae1eb2a6c07019d4f210b3e5998

C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\api-ms-win-crt-runtime-l1-1-0.dll

MD5 6b39d005deb6c5ef2c9dd9e013b32252
SHA1 79a0736454befd88ba8d6bd88794d07712e38a67
SHA256 b0e50572eb82a46ed499775e95bfde7cb25c498957432c18c20cf930f332efd0
SHA512 50bc1f669499589a480379d72166dae701914427d51223994d63a0363420ca6fdde07010803270a62451afea9e4ae55206d8a4c00ca4680e7a9120cd33f99a0f

C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\api-ms-win-crt-heap-l1-1-0.dll

MD5 9d136bbecf98a931e6371346059b5626
SHA1 2466e66bfd88dd66c1c693cbb95ea8a91b9558cd
SHA256 7617838af1b589f57e4fe9fee1e1412101878e6d3287cdc52a51cd03e3983717
SHA512 8c720c798d2a06f48b106a0a1ef38be9b4a2aebe2a657c8721278afa9fdbab9da2a672f47b7996ca1ce7517015d361d77963c686e0ae637a98c32fd75e5d0610

C:\Users\Admin\Downloads\#!NewFiile_7474_ṔḁṨṨCṏḌḙs\#!NewFiile_7474_ṔḁṨṨCṏḌḙ$s\api-ms-win-crt-environment-l1-1-0.dll

MD5 1a72e5f24214eb723e03a22ff53f8a22
SHA1 578d1dbfb22e9ff3b10c095d6a06acaf15469709
SHA256 fda46141c236a11054d4d3756a36da4412c82dd7877daad86cb65bf53d81ca1a
SHA512 530e693daecc7c7080b21e39b856c538bb755516aafdb6839a23768f40bcfc38d71b19586e8c8e37bb1c2b7a7c31fcb8e24a2315a8dd90f50fec22f973d86cb4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 df2daa3002a6838f29fb1b3cf0c4650a
SHA1 907d2168372c3d5cd736553543f552d1b73bc8c9
SHA256 364b4de36165f31cc08eab0ab9aca9a4685eb448608565bd515b118ac4d10d0c
SHA512 aab05694393c3c86e8b5e6e7a46aca53c490b44c2e19cbd4945edc0f7623f53358f54a23fac3b03f820d60a55f8cdcea282c0ac51bf73414f394795a009d75ea

memory/456-871-0x00007FF83FC60000-0x00007FF83FDDA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2c6fc85c

MD5 84a0022d5b99427012959aa5a582c6dc
SHA1 bc079c9a4ac8268639587affd32d4afbc62f63e6
SHA256 99fccc40dca03e2a9fc4572ed384e9b18beb26fbc7f711d9c2018b91ed3d37b3
SHA512 6e5b86ec1458ba27297ea11f919cd0a3cd7f6bb3e3c6986f7487f473d856c780e6b2eebc8da67cfe8964be4d4d66f327891f2dd00f59ac3fd98ce9cac6c48e6d

memory/3144-874-0x00007FF8521E0000-0x00007FF8523E9000-memory.dmp

memory/3144-878-0x0000000073B10000-0x0000000073C8D000-memory.dmp

memory/3144-876-0x0000000073B10000-0x0000000073C8D000-memory.dmp

memory/1980-880-0x00000000040C0000-0x00000000042A8000-memory.dmp

C:\ProgramData\Licenses\01D69EEBF42E950EA.Lic

MD5 6269fd7ad145dd8dfaf5db2f41c2d2c1
SHA1 4883bf77559c29d56ad6d435c4f20c799ccf0a02
SHA256 e904a8a1f6b8cf965f7f617cb2f2a91561a968a1adc4293b23b7a1f3f1e9e0eb
SHA512 b830971f2bcb1839002581a222c63713eebccc09d09af58bfc6f345a048908067683f1ede45cf5a61d63913a41f96a3aec3e3dbb8eb42f35adcbbe3dc42abdcd

memory/1980-892-0x0000000000400000-0x0000000001CF7000-memory.dmp

memory/1980-894-0x0000000000400000-0x0000000001CF7000-memory.dmp

memory/1980-896-0x0000000000400000-0x0000000001CF7000-memory.dmp

memory/1980-897-0x0000000000400000-0x0000000001CF7000-memory.dmp

memory/3144-900-0x0000000073B10000-0x0000000073C8D000-memory.dmp

memory/1980-902-0x0000000000400000-0x0000000001CF7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BvInputDiag.exe

MD5 3d754cfa4a5b2a3f19720550acf6d3cf
SHA1 e5c78edbd54e14a42258a6c223d2cf128530e1b6
SHA256 8e5e627881c8182bfbb64601c6f4f7b30ba950dfd10f638f404479406b2c03b8
SHA512 18db06443a718b8233ac9724e7f96310bf5841d2c980cd1d02e6fb6743e23acc13bd67fcd214b4c0650ac933f6f081759d699c73e14baf26ffc324c2b30f153b

memory/484-905-0x0000000000A70000-0x00000000011BB000-memory.dmp

memory/1980-903-0x0000000000400000-0x0000000001CF7000-memory.dmp

memory/484-909-0x00007FF8521E0000-0x00007FF8523E9000-memory.dmp

memory/1980-910-0x0000000000400000-0x0000000001CF7000-memory.dmp

memory/1980-920-0x00007FF83FC60000-0x00007FF83FDDA000-memory.dmp

memory/484-921-0x0000000000A70000-0x00000000011BB000-memory.dmp