Malware Analysis Report

2025-04-13 23:22

Sample ID 240427-zlvg2agb43
Target sssssssssssssServer.exe
SHA256 ee5999554db9fa327f647a24d87cb4c08c885320b0ff90882da9afc9849a5d23
Tags
owo njrat evasion persistence ransomware
Score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
10/10

SHA256

ee5999554db9fa327f647a24d87cb4c08c885320b0ff90882da9afc9849a5d23

Threat Level: Known bad

The file sssssssssssssServer.exe was found to be: Known bad.

Malicious Activity Summary

owo njrat evasion persistence ransomware

Njrat family

Disables Task Manager via registry modification

Modifies Windows Firewall

Checks computer location settings

Drops startup file

Executes dropped EXE

Enumerates connected drives

Modifies WinLogon

Adds Run key to start application

Sets desktop wallpaper using registry

Drops autorun.inf file

Unsigned PE

Enumerates physical storage devices

Modifies data under HKEY_USERS

Suspicious behavior: AddClipboardFormatListener

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Kills process with taskkill

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-27 20:48

Signatures

Njrat family

njrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-27 20:48

Reported

2024-04-27 20:59

Platform

win10v2004-20240226-en

Max time kernel

555s

Max time network

649s

Command Line

"C:\Users\Admin\AppData\Local\Temp\sssssssssssssServer.exe"

Signatures

Disables Task Manager via registry modification

evasion

Modifies Windows Firewall

evasion

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\sssssssssssssServer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tmp747F.tmp.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\ProgramData\COM Surrogate.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\37f622693e6086826fd92b3e7e508134.exe C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\37f622693e6086826fd92b3e7e508134.exe C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e14109296e01cf24bb9b7f72f64c4cb3.exe C:\ProgramData\COM Surrogate.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e14109296e01cf24bb9b7f72f64c4cb3.exe C:\ProgramData\COM Surrogate.exe N/A

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e14109296e01cf24bb9b7f72f64c4cb3 = "\"C:\\ProgramData\\COM Surrogate.exe\" .." C:\ProgramData\COM Surrogate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\e14109296e01cf24bb9b7f72f64c4cb3 = "\"C:\\ProgramData\\COM Surrogate.exe\" .." C:\ProgramData\COM Surrogate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\37f622693e6086826fd92b3e7e508134 = "\"C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe\" .." C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\37f622693e6086826fd92b3e7e508134 = "\"C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe\" .." C:\Users\Admin\AppData\Roaming\svchost.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A

Modifies WinLogon

persistence

Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0" C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A

Drops autorun.inf file

Description Indicator Process Target
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File created D:\autorun.inf C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File created F:\autorun.inf C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File created C:\autorun.inf C:\ProgramData\COM Surrogate.exe N/A
File created D:\autorun.inf C:\ProgramData\COM Surrogate.exe N/A
File created F:\autorun.inf C:\ProgramData\COM Surrogate.exe N/A
File created C:\autorun.inf C:\Users\Admin\AppData\Roaming\svchost.exe N/A

Sets desktop wallpaper using registry

ransomware

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\Desktop\Wallpaper C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587245843426559" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\ProgramData\COM Surrogate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico" C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{6BACC35F-5462-499B-91DA-C815CE7DBE24} C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\ProgramData\COM Surrogate.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\COM Surrogate.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\ProgramData\COM Surrogate.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\ProgramData\COM Surrogate.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4900 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\sssssssssssssServer.exe C:\Users\Admin\AppData\Roaming\svchost.exe
PID 4900 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\sssssssssssssServer.exe C:\Users\Admin\AppData\Roaming\svchost.exe
PID 4900 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\sssssssssssssServer.exe C:\Users\Admin\AppData\Roaming\svchost.exe
PID 1044 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Roaming\svchost.exe C:\Windows\SysWOW64\netsh.exe
PID 1044 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Roaming\svchost.exe C:\Windows\SysWOW64\netsh.exe
PID 1044 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Roaming\svchost.exe C:\Windows\SysWOW64\netsh.exe
PID 1044 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Roaming\svchost.exe C:\Windows\SysWOW64\taskkill.exe
PID 1044 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Roaming\svchost.exe C:\Windows\SysWOW64\taskkill.exe
PID 1044 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Roaming\svchost.exe C:\Windows\SysWOW64\taskkill.exe
PID 1044 wrote to memory of 840 N/A C:\Users\Admin\AppData\Roaming\svchost.exe C:\Users\Admin\AppData\Local\Temp\tmp747F.tmp.exe
PID 1044 wrote to memory of 840 N/A C:\Users\Admin\AppData\Roaming\svchost.exe C:\Users\Admin\AppData\Local\Temp\tmp747F.tmp.exe
PID 1044 wrote to memory of 840 N/A C:\Users\Admin\AppData\Roaming\svchost.exe C:\Users\Admin\AppData\Local\Temp\tmp747F.tmp.exe
PID 116 wrote to memory of 3924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 3924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 2628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 2628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 116 wrote to memory of 852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\sssssssssssssServer.exe

"C:\Users\Admin\AppData\Local\Temp\sssssssssssssServer.exe"

C:\Users\Admin\AppData\Roaming\svchost.exe

"C:\Users\Admin\AppData\Roaming\svchost.exe"

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM Taskmgr.exe

C:\Users\Admin\AppData\Local\Temp\tmp747F.tmp.exe

"C:\Users\Admin\AppData\Local\Temp\tmp747F.tmp.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffae8899758,0x7ffae8899768,0x7ffae8899778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3236 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3268 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8

C:\ProgramData\COM Surrogate.exe

"C:\ProgramData\COM Surrogate.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3876 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:1

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\ProgramData\COM Surrogate.exe" "COM Surrogate.exe" ENABLE

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM SecHealthUI.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4328 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3492 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5972 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4fc 0x4e0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\tmpB368.tmp.exe

"C:\Users\Admin\AppData\Local\Temp\tmpB368.tmp.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5464 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:2

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\tmpC0E.tmp.mp4"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2748 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3412 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2084 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\tmp6036.tmp.mp4"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\tmp6ED8.tmp.mp4"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe

"C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2612 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4280 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic useraccount where name='Admin' set FullName='UR NEXT'

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic useraccount where name='Admin' rename 'UR NEXT'

C:\Windows\SysWOW64\shutdown.exe

shutdown /f /r /t 0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa395b855 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 134.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 artist-composed.gl.at.ply.gg udp
US 147.185.221.19:28632 artist-composed.gl.at.ply.gg tcp
US 8.8.8.8:53 19.221.185.147.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 green-morrison.gl.at.ply.gg udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 147.185.221.19:17455 green-morrison.gl.at.ply.gg tcp
US 8.8.8.8:53 www.xvideos.com udp
NL 185.88.181.11:443 www.xvideos.com tcp
NL 185.88.181.11:443 www.xvideos.com tcp
US 8.8.8.8:53 11.181.88.185.in-addr.arpa udp
US 8.8.8.8:53 static-ss.xvideos-cdn.com udp
NL 69.55.53.168:443 static-ss.xvideos-cdn.com tcp
NL 69.55.53.168:443 static-ss.xvideos-cdn.com tcp
NL 69.55.53.168:443 static-ss.xvideos-cdn.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 168.53.55.69.in-addr.arpa udp
US 8.8.8.8:53 cdn77-pic.xvideos-cdn.com udp
US 8.8.8.8:53 gcore-pic.xvideos-cdn.com udp
GB 84.17.50.11:443 cdn77-pic.xvideos-cdn.com tcp
GB 84.17.50.11:443 cdn77-pic.xvideos-cdn.com tcp
GB 84.17.50.11:443 cdn77-pic.xvideos-cdn.com tcp
GB 84.17.50.11:443 cdn77-pic.xvideos-cdn.com tcp
GB 84.17.50.11:443 cdn77-pic.xvideos-cdn.com tcp
NL 93.123.17.254:443 gcore-pic.xvideos-cdn.com tcp
NL 93.123.17.254:443 gcore-pic.xvideos-cdn.com tcp
NL 93.123.17.254:443 gcore-pic.xvideos-cdn.com tcp
NL 93.123.17.254:443 gcore-pic.xvideos-cdn.com tcp
US 8.8.8.8:53 a.orbsrv.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 89.187.167.4:443 a.orbsrv.com tcp
GB 172.217.169.10:443 content-autofill.googleapis.com tcp
NL 95.211.229.246:443 s.orbsrv.com tcp
NL 95.211.229.246:443 s.orbsrv.com tcp
NL 95.211.229.246:443 s.orbsrv.com tcp
NL 95.211.229.246:443 s.orbsrv.com tcp
US 8.8.8.8:53 s3t3d2y8.afcdn.net udp
GB 89.187.167.4:443 s3t3d2y8.afcdn.net tcp
US 8.8.8.8:53 11.50.17.84.in-addr.arpa udp
US 8.8.8.8:53 254.17.123.93.in-addr.arpa udp
US 8.8.8.8:53 4.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
NL 185.88.181.11:443 www.xvideos.com tcp
US 8.8.8.8:53 246.229.211.95.in-addr.arpa udp
GB 84.17.50.11:443 cdn77-pic.xvideos-cdn.com tcp
NL 95.211.229.246:443 s.orbsrv.com tcp
US 8.8.8.8:53 s.tf4srv.com udp
NL 95.211.229.246:443 s.tf4srv.com tcp
US 8.8.8.8:53 t0v6b0i9.aacdn.net udp
GB 89.187.167.8:443 t0v6b0i9.aacdn.net tcp
US 8.8.8.8:53 8.167.187.89.in-addr.arpa udp
NL 185.88.181.11:443 www.xvideos.com tcp
US 8.8.8.8:53 cdn77-vid.xvideos-cdn.com udp
GB 84.17.50.44:443 cdn77-vid.xvideos-cdn.com tcp
US 8.8.8.8:53 44.50.17.84.in-addr.arpa udp
GB 172.217.169.10:443 content-autofill.googleapis.com udp
NL 95.211.229.246:443 s.tf4srv.com tcp
NL 95.211.229.246:443 s.tf4srv.com tcp
NL 95.211.229.246:443 s.tf4srv.com tcp
NL 95.211.229.246:443 s.tf4srv.com tcp
NL 95.211.229.246:443 s.tf4srv.com tcp
NL 95.211.229.246:443 s.tf4srv.com tcp
NL 95.211.229.246:443 s.tf4srv.com tcp
US 8.8.8.8:53 u3y8v8u4.aucdn.net udp
GB 89.187.167.7:443 u3y8v8u4.aucdn.net tcp
US 8.8.8.8:53 7.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 147.185.221.19:17455 green-morrison.gl.at.ply.gg tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.163:443 beacons.gcp.gvt2.com tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 163.49.178.192.in-addr.arpa udp
US 147.185.221.19:17455 green-morrison.gl.at.ply.gg tcp
US 8.8.8.8:53 14.179.89.13.in-addr.arpa udp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
US 147.185.221.19:17455 green-morrison.gl.at.ply.gg tcp
US 8.8.8.8:53 www.xvideos.com udp
NL 185.88.181.5:443 www.xvideos.com tcp
NL 185.88.181.5:443 www.xvideos.com tcp
US 8.8.8.8:53 5.181.88.185.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 172.217.169.10:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 update.videolan.org udp
FR 213.36.253.119:80 update.videolan.org tcp
FR 213.36.253.119:80 update.videolan.org tcp
US 8.8.8.8:53 119.253.36.213.in-addr.arpa udp
US 8.8.8.8:53 artist-composed.gl.at.ply.gg udp
US 147.185.221.19:28632 artist-composed.gl.at.ply.gg tcp
US 8.8.8.8:53 www.xvideos.com udp
NL 185.88.181.8:443 www.xvideos.com tcp
US 8.8.8.8:53 8.181.88.185.in-addr.arpa udp
NL 185.88.181.8:443 www.xvideos.com tcp
NL 69.55.53.168:443 static-ss.xvideos-cdn.com tcp
NL 69.55.53.168:443 static-ss.xvideos-cdn.com tcp
US 8.8.8.8:53 cdn77-vid.xvideos-cdn.com udp
GB 84.17.50.48:443 cdn77-vid.xvideos-cdn.com tcp
US 8.8.8.8:53 cdn77-pic.xvideos-cdn.com udp
GB 84.17.50.11:443 cdn77-pic.xvideos-cdn.com tcp
US 8.8.8.8:53 gcore-pic.xvideos-cdn.com udp
NL 93.123.17.254:443 gcore-pic.xvideos-cdn.com tcp
NL 95.211.229.246:443 s.tf4srv.com tcp
US 8.8.8.8:53 48.50.17.84.in-addr.arpa udp
US 8.8.8.8:53 a.orbsrv.com udp
GB 195.181.164.16:445 a.orbsrv.com tcp
GB 89.187.167.8:445 a.orbsrv.com tcp
NL 95.211.229.246:443 s.tf4srv.com tcp
US 8.8.8.8:53 u3y8v8u4.aucdn.net udp
GB 195.181.164.18:443 u3y8v8u4.aucdn.net tcp
US 8.8.8.8:53 18.164.181.195.in-addr.arpa udp
US 8.8.8.8:53 a.orbsrv.com udp
GB 142.250.180.3:445 www.gstatic.com tcp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 157.210.16.2.in-addr.arpa udp
US 8.8.8.8:53 www.xvideos.com udp
NL 185.88.181.11:443 www.xvideos.com tcp

Files

memory/4900-0-0x0000000074FC0000-0x0000000075571000-memory.dmp

memory/4900-2-0x0000000000BF0000-0x0000000000C00000-memory.dmp

memory/4900-1-0x0000000074FC0000-0x0000000075571000-memory.dmp

C:\Users\Admin\Desktop\AddRead.shtml

MD5 0fc4934b899df7c2f9ab3f2775dd4cff
SHA1 433fbfa2c504962dac923cfda0336def78c3ce00
SHA256 f92dd735f8391abab367addec5b6a5d3cdf434c4c09dcc14fabaeceea9084046
SHA512 c398dc06e96562ec3c03e76452261703685ac44728e6e1c1d67c75d87493283b2359ac2405bf772eb4b2ad49fe4f684ad8b6c24b9af85b9b1bed4b55e66abc35

C:\Users\Admin\Desktop\CheckpointExit.vstx

MD5 609eba7cc5733280d261b4c9cf4991ce
SHA1 50b134935f55fb575ef9e1600f3be5e1f5581f78
SHA256 029a24c2085864604ba1fab13d89b2ca7261979971346715a2244770866d25ca
SHA512 2010dee2bc4d2bc04a03f55d2005bed14f308b6203603b17e5cf6a1b57bca1bf9af62bbe81f4802d05d91616ab7e27bb835ee38c76ef76e1c114df8d1fe91d27

C:\Users\Admin\Desktop\DisconnectBlock.ini

MD5 9cf5b14222fa4a43ea679dea0b571299
SHA1 baa688a0fc7a6fa939a72e4b39b48059a4d73278
SHA256 4f5b26de97b1b88089c4ef6b6d69465708530b155a2e11242faa1a949e1e6a5b
SHA512 d8cb01561f9e34488d05e60c4176f8e3800ab81a634f6968248d540ead52a4a4b80fc46c9190df94e4ba9543dafe53a383da765b182389960a36d6e174a6e5b7

C:\Users\Admin\Desktop\ResetPop.bin

MD5 50ce8c95cb10cb1a15248719c8d19cb3
SHA1 8e2c53c0347cd9eee8a1768073b1f8e9cd37827f
SHA256 511127fc52321046097f580cbd6d5f7d7123629fbd2aa0a430fc25bca7576700
SHA512 279b7583fa3fdb57f69623f968710e2ea658709dad7f0ace3982cab974a5eb571776ad681a7eb0ce0b31f47751b4c7db7ba8c762d461bee7b8dfcb6cdbc35b52

C:\Users\Admin\Desktop\RegisterRevoke.html

MD5 1e0688614aa8b944aa912d7511008e33
SHA1 2dd829660fba9e2fa631455cc55da8c9508efe96
SHA256 0401c32306a4a71e49eb7711d90fcf948e6bd8e580e1ccdc805883fa6327b084
SHA512 46c8913237fd0884564fc53bf5d5cdd42af5709b392a26f22135f5a9b7cd32e8895706db116e351b74268d0e58b53bdbd21110f250e762cc1fd22d5d8123eb4f

C:\Users\Admin\Desktop\PushRemove.vbe

MD5 b6f6523d569ebd0fa5a62b2828db4435
SHA1 3c51590731f1f3de39eb430f39b51a9a3fd39733
SHA256 25b9dc506af301b578734a62fc4b3612c8c0af1d88e51b3598fc11d02c10a3b6
SHA512 802b1390d2abb0c421606340f8d7e5544aff7d5611a67c6c130185a68e6b7e36c973b23ed3837a486d6d9519863db178a26a7000496ca421744674c55e609088

C:\Users\Admin\Desktop\MergeUnregister.mp2v

MD5 418c81c5a94d7589eaebacb9d779b965
SHA1 ed6524f440f93141f3091cb5abeae490474b5a35
SHA256 9444696f1b4abbcc5b93da0848f3c01f98d9dcc60bff8bb939287be7a3b4645d
SHA512 72a58c860ad35c313de2d3067de6d4d2a03e78ac457ba62122ad8dfef55f21a87bcb46fd3e9787c87b29aff6ba5e71112952795cd9f33fb79cb74766b038895a

C:\Users\Admin\Desktop\EnableShow.dib

MD5 64b9c7ef07c3adc378b416671a627e67
SHA1 1dfdcbdf8d0ff3beb531c42c3c38696620f328c0
SHA256 541157af40ddbe82b8e3785ed29d45ef8cf68cd1bb1f57c59d0bd411e26073a3
SHA512 bbcbfc443fc67dd53908e5710755a8d2e1c8304165b4ea7e058197e01fdc1eeef37cf28c0a475fad6b8d6d724f22e1f6c62187a86a0923bf4f698dfbf64243d0

C:\Users\Admin\Desktop\DismountUnpublish.ini

MD5 a58d2cecd6775463022d0ebe9fd51627
SHA1 48f3bb794be4dbf393733a5516f2c7ae0e472ddf
SHA256 8c422adbbb37016b9d6f8539f37989a7822030b23b121e8b88c662bcdf7c1725
SHA512 0cb7b415f5683fbc3834dc0e8886e21a3053cb7cf815babcc00dfe10b8cf21d69fbd77810ef5554e57e16bcd8f54d7a946096ee835d5ea209ba1494183dafdb7

C:\Users\Admin\Desktop\SelectSwitch.mpeg2

MD5 c24f95a16116d5984483664ef19f4939
SHA1 31e8f0f01f93262099b9d0131f86e1e7ce8eb0d3
SHA256 a60ce9818d1d9bc7de2dbbdc60dfb16c06a47cb3329aa8413a58c01ef8979dcc
SHA512 bdba618f2b5c78c8f3d41e526ecf098aad11e9d9b80a36512c8e6ec221f1300ba5039848aa4d4cc4b9284f39c6b52b64ae51d4ce67d30ad016a3d09991985fa9

C:\Users\Admin\Desktop\PopAssert.mp2v

MD5 4827e36a8376159c5e379fa72cf662d7
SHA1 c2953b002d95fd60a14a6fa90f791feb546fbc6d
SHA256 04d2a3f7460ad238c630a25f75737393dda104febdf042f101ad1e7026ce5959
SHA512 590fb59f044de15165cbf94a1a94da07ff8c394f8d60a1d53da609cbe8a3a35aed2fcd8e7811bfb69965cf8588b877f66ece547a9f3509b70b9594f633d8a305

C:\Users\Admin\Desktop\TraceResize.m4a

MD5 eb5e07f89ab1957bd8a1418cf4745bfb
SHA1 4124f7be9639b2c367ac70da7718e7287c9870d8
SHA256 c8e516854d227060e451d45bf6e80abce474215bfec3491f269073472d1d472b
SHA512 83fa93a29d63b19b4b7713847fa89e7aa5242e39f34c0e3e81525a425a19774bdf11763308283e4ef3e877d327a2777e1d2f209cad87f08722ec044a28f7696a

C:\Users\Admin\Desktop\SubmitReset.reg

MD5 6f56d34f823928afbaf5a25209133e27
SHA1 c2cdd45dbf276e9d602754a897a47862bfc32797
SHA256 a62190691f421839e02f4117939708e1a878f58faf95582f2b826d28a47de10b
SHA512 b5e46fd9f1f5d3065153634c1b0da2e2f05fb5898f28406397236b40db6a1b4b9c876dc20a00c0b3b3953d815e536fbd34a1570cf721aa4fa75e6899eb985503

C:\Users\Admin\Desktop\StepOptimize.reg

MD5 8056a59f7161a47b60ebf1a7b21da6e1
SHA1 24bc4f7b722be8fc49df7254e672749fd96ea9a6
SHA256 f4a1ce08a6db2734418100603b8e768a255baa1bbbc8febb611578d4a5494ce7
SHA512 5a0564e0e433fba9ba6da617f90648a0a71b6bdb0fa41b3d90af9d46e6241dcd1473541e166bb820b28e54a0f8ef2037f65e52e1471fb4da3bec465e018989e0

C:\Users\Admin\Desktop\SendDismount.jpeg

MD5 824dd6bf61ec0769dfe0c22fc189d6a3
SHA1 80f7d07122d5846cb71c33e6566801ba06e55354
SHA256 008b7d19597c765754add7f1c7c6fd69b2baff081233272cb53c32c56b877245
SHA512 7b42d68995e9939f340ac03bcbeb0c3dc86afefeebc2f22b5aa40cac36f65ab7070ef41ef391074f9cf88c75c1e8c6bfaceca57f5893ec97a5739086b034d322

C:\Users\Admin\Desktop\SearchNew.pps

MD5 589c3753079191ed0ed78a1794a506a1
SHA1 8f756587bfb6d1b46f471c552cb2ca407b8c558a
SHA256 c4d540aeddfee460376c7f4e2e22c04dba400de037573f8039feb082996e0d27
SHA512 bc70d81a41c617f4163dab6371df1023fc17c6231b614f521e3a6bbd13d98577b1ea683b2b28c5f6418e7cc6af231a99aa515293575d61b64840133d8c2791e9

C:\Users\Admin\Desktop\LockTrace.cfg

MD5 92ceccf2bc43bbe984e1326d2456cde6
SHA1 7c88fcf5e5c64d32f8053be9163ba750f7379adb
SHA256 9f94a0fe537c6314efd87667ec0f80de1ee0661f37b3eb1c9af824a94d69d107
SHA512 9ba1cddc2fdc9ee6de5e35fe4f9aa4c42dd585e2f20c03c3941b5a1533c3af685820f243d8a3ba10a5b75db3fc14226a9e34db75c41ae2962f195e0995219548

C:\Users\Admin\Desktop\GroupClose.DVR-MS

MD5 6a0da91859b0d6df734c772ce525699e
SHA1 d546acba2edc53c8bb943970ab89f39415539fcf
SHA256 7148869158ae0f4cd6b12683f1f76e2818c28cddb5ccfcbe7e85c2f696f1cee3
SHA512 1cac406a9129f467caefb7c2d146a975716853687357a2162c7deab4067bbe4c9e3c6add638739a35c65333465e1595560f3a5b8df7e16d0330d81e5534eece4

C:\Users\Admin\Desktop\CompressMeasure.wma

MD5 da984cfe848ce244915a0a5c561aa18f
SHA1 35ad3d1a35fbb87ba59e4f1ac3a96c3ac45b5b60
SHA256 bcab1dce339f3b680b8b25e65129746a1cd59fba420dceafe2dcb42e8db9221b
SHA512 91385b45808242f6aeada8abf55c0c75a9aaf1b4f3e0f4610393f6ff7445a32748553921a4e1e0c302ecf017bbcf5b6b12b1a90fa3204672af880a16de5a8d7f

C:\Users\Admin\Desktop\ClearPop.doc

MD5 893b27540cf74ea2e9ef2e456ea3e366
SHA1 42e2e3c8e939c7e46fa881060f418aa8fa7e71af
SHA256 19983dd49dfab510790d5d8b3fa45891387aa25f87a712cf92ca1729b38e885b
SHA512 3b106890e3ae0cbc6e0fed0436628e5094f76857fea1c71ca73e7cdebc92c43d5148ade9f2ad977c5c5ae554f7acb3d6fe9b785db9d1f7f0c4e1920d069b4e46

C:\Users\Admin\Desktop\BlockComplete.vdw

MD5 18b16e52b0b2c9584d9dcf3e8783fde5
SHA1 578306db296fb278a6907e14f20f49eda3993191
SHA256 41f58bc1aa4a9f9973a0b352dc7710b8cb2dded51a334f246c13a9c81a31f264
SHA512 21abf685c1e9a7ee2e8f37ef2b781e9864d3b3f543cf2815f840eac08acd538fa98b4b8463e2c78cfa8edfd222f100dcdabc62fa2b330e4bda2fa1ae6c427586

C:\Users\Admin\Desktop\UpdateAdd.mp3

MD5 dc330eece0cfcc4ae432209c4c0669b9
SHA1 8eb5fd3ea00fed138ee66f5db614f24ee85a457d
SHA256 3eb966fa8f83844585108ec8405783c05979af7da40a97280baa899b3829e98c
SHA512 9841b44754aa2bd5e215467e12cba28ef54152de6899d0c16d19722f3d491aa24f4a5ebaba4ae2dd69d690442b4d41a0c0946860e4ac0e42037c2fba499631ee

C:\Users\Admin\AppData\Roaming\svchost.exe

MD5 1c731bee4a8f4a28503fc766be1255f8
SHA1 dc40c7857b31ac00d67b3b2bfc7afb7ea2d0aa03
SHA256 ee5999554db9fa327f647a24d87cb4c08c885320b0ff90882da9afc9849a5d23
SHA512 77922442fc0b92ed9101d5e1a871bc0a80c7dae6bb784b28b2cea543d03515c498319a1e41699b249d615afe540d5bee8d725a24f775d77622de93d328a35e31

memory/1044-34-0x0000000074FC0000-0x0000000075571000-memory.dmp

memory/1044-36-0x0000000074FC0000-0x0000000075571000-memory.dmp

memory/4900-35-0x0000000074FC0000-0x0000000075571000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp747F.tmp.exe

MD5 0c84829a79c06e88510607526990391e
SHA1 63970a42f5b779c1f0f8d95d493317917b0bd46d
SHA256 6f9b61794c9169a8860fb74e2cc0253b0bc283327b6485f799265f702a67c921
SHA512 85638191fee2b456e601487aff23bc5dccbfd24e74970e5f1d8fbdad633a3d31208887f682debf1fd2abcec6e36c50e74b6da30c660dfa0bc0471e7ef8c98f40

\??\pipe\crashpad_116_HCBTAJUFHUUIRMST

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1044-68-0x0000000074FC0000-0x0000000075571000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 dd723fd9ce07164b23050ce9621ccc3b
SHA1 a1f3c1ea23c376ccf082f8c86efa69e00d5b4598
SHA256 487a2c688222c41bbf1bd51995ee2650d0e6947b879e5ea2e6c0617bd55b7ec0
SHA512 f056839257688e13964758f7e140784765d3c00f6a1c8e0df280577f1892a96dd33e225e28b88fb009e2f1f7173d7b9c4165b352721c4765858ddca14d0f093a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b7511cb6b8c9595e52953dd2047f8a3e
SHA1 a7c514754de86640f663c4ee80f28c9f93bd3637
SHA256 38fa1ae1153a521d55a05a3d6c758329643aa8f72d9a3b45f66f9594d3d90a7d
SHA512 d0d60c244ffc6128d563967e20b595acb94e5ad20ee7b25cbfbcd1efa8b1f78cfea791f5338f2efb50498e67713d02cecaa1374e3765695c814cf34b612b4ac5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 88ad9c98f6cae25d64042379b2a523a2
SHA1 287b56d31d97f61d0052808cecbd88c03511d4b2
SHA256 2c10e95a5a17cc6c8fbe544cd8a61bc3eeee7caff9dae9bb02f97826c0043358
SHA512 1809143b98cf28b9446b86d29d91556197d853d3a709a68e2486480ebab630b79bdef296321d9ee5400b3b79d374ee0c3ce54a5ab7979a94f38bb8553b0b09a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a8a1d53431e51af5b583b41b3d6edb70
SHA1 4f445c3ab953e2133c030617bb505ec18608b2fa
SHA256 7c9f6cd4b9649363cf3ae9b595dc91302fd06f8d4c051eb94b36629156fc785d
SHA512 c680d59f925367c856c22a21d1d7544454464879cf11c2012e71b35bea46c8641cef1ccf2124ae16e39b19b7d9058fd00f2d57bcfdd152bd1df8a19df07ac1f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 2c0d4353ddf1b20fe3e7d0d1dd747274
SHA1 77c47ec6f5572fccc133c055c621654a8510f6d4
SHA256 aeb4d1b29a9444dd279564e4ea251dcda09982ff6d9f815831cbf21bb182b498
SHA512 f14923fea10e30d9c548d4aa588ea2f9c52be58a4c8ea118ce50a0e8a88c4ac84ae1dc7ac668c3474adb90d51e7281f746c83cc16f1eb5bfd67b38d2227501a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8bde5bf92f559001a4d7a1604b7f9628
SHA1 e296648fcb247b10848a1b875a9f49a860d71be4
SHA256 fe4dc7944a4fd239bafd4d25b8277991c675838613cbfecfdebb3f2fff2a3209
SHA512 4a7fbc50a35a01a6f24a818dbbff12b7cd7ea7902ce3c4e9d445f4b170a622b601ab196af44bb38292554eefd2fbde7a6c9ce742f0231d5021cbb27233e54f2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 e00ff9c5d2bdbbe2d2baeb8d1812678b
SHA1 f1a292984652a42fd1ee951ba5be666deede80cb
SHA256 99c16d3788f722e5fe0aa0ac466f0af351c8cd8029450364f2296b24c7132646
SHA512 9c5f6a3fcaec091b15dd14fac879a05afd7e424e9c7254e3eb517a78143eefc863aeb45b32642eb557090d923018b1909fedf1f8b73205ce8a840d8e7a2b270c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 1c723f93a52c01ef152971bbf0d7527c
SHA1 4ecd5ab4c0f57fe0037e22b881c1e1c13fbf2378
SHA256 4c815b2084182793cf9c2e6b5e4fbbf384d5cfbc94868299fbc6c199d98b79f8
SHA512 e87479ca1f24a1e1bb9b57606a986e69fa695cdbbb91d8ee564622aaebac7e6eff195cad6c9ee4fd6343bf96c43c005e1189b2e1d5af9854e3657b9af05a8aeb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 de9655b0da1777bcbc325ee817bc8f71
SHA1 ccb48a01b3b891de8f7fca3da404356044fcfb57
SHA256 df7f439df22795f658ae08a1d3e657e8024b8117c9b57d0cfee577406aee214c
SHA512 5c9a73cb6d26316ec40f660d45de9e46a43de25d14f55b3e2b0fcddeaed6f5d3706827af78a955f675ace4e9016b7a298bbde4592ecbe9f33a7418205aaa5184

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 223a76aead2e450e31ac02f5f4005d72
SHA1 819ffb2c1c7e98eca0c203793b3440b9666e5c46
SHA256 8ce4680978f3aea1cdd04f678eca791c187dea9f30510b3ea236b70cc3fc8833
SHA512 ae4cce77343dd82dd05202d47ad3b228ed497ff80160b1c7968d871c2a9bf2d806015a0f346c2b71e789bef29b91916314a7131054a9031dd45c6f903714f0a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 262150565660238e90d62d32eb3c08d6
SHA1 46ae7798867ee6adee813ca02eb9183998457f87
SHA256 67bf4ac26fca77b07bb2db40161030bacb67c389f9ec3771757629babdf0890f
SHA512 30496782f5e9ed8209dcf04ec91437b1e168084b2dc7ae2707796207276fe3f7706f224453952b06587cfc3b03ec03e47fa66e6ff18a36a5bf87125a6952a0b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe596383.TMP

MD5 81ec82b82e6f95321a95db1c45c50c14
SHA1 2848822a36e1fc716a932ee2a6b9ea7e8bc46125
SHA256 9f64308a19bdc8a2560ebcdc453c6affa8e4e0a0b45c2d17f79009f5c4c3a3e7
SHA512 bbca075e8e91a761845c34f15ba763639222aea8bd6dfa33dedb10979059d77e012fce6d0a28026cbaf6977812995c7f942d11b7a91fc6d3844a8e3f6abf3f0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c197a7c55dc7d6d7c5b2c6737a334fa1
SHA1 ace8efd633806cf78813157afa1d8f560e94cf24
SHA256 d2fe7a62f10fa7f70e8fa7d01433301889f623bd110f7d9ce87d785458cbffb5
SHA512 fb49806d5f9f3ce1869abc44922d9542aad2c8297dee751c7821ffb6ed52f31d78b32c774df07ce25b3d1ae298c9bb439c5123ffa6826d452612d1392e974b2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9a2546fb35d96f6d0810f4839e795619
SHA1 182a69a6fd2488ef23b04fdb2be277ea092e2494
SHA256 505c4d0ce87c2c291fa59c45023c502814e246f84778802787df735ca3efcdc4
SHA512 bdbe39fd94a822c036a96961d4e41016157944d4780d1d809b4721f3345e2470bfecd784dbf12e46bcf80d92ee34e461311d064b682fa31f23427e664cb5eb7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a27bf8cb1a7e73abe5925479b65846a1
SHA1 b77051b600dea9a5ccf707bbe3182f6cf7facabb
SHA256 8a3f631c5edc09d30566e37a13616efd4c4a75993891c7da53b4d18b4ba4cc45
SHA512 f0bdfe4b516d9ef37539c0491d09ef4fedb44a69c8db3d35ccf2d77c1f63a491b7f2e41b4cc05c4e54e4f8713a00d2d79998cc4b12f97b88edfc2f8d9cd49df7

C:\Users\Admin\AppData\Local\Temp\tmpB368.tmp.exe

MD5 d049caea69082ee08270983b30a1a999
SHA1 38ad9f6b0cfbd9a53bc91adb7f5d1d9b23aee8a4
SHA256 b20e60c57be88a7f9ce44ec255d5b1f57e2b9d64932731a30a383373e37295ae
SHA512 4054f6b704fcfaf1e9d07430a793cf52e53a7c4becaf4e22123e1b208c9f64793adfa19d22f45278a678cd7426a7f20905200b124650f69f72e1c4ce2a7357c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 cb6fe4eb2c581951374ebae5db289c62
SHA1 23f9f97f0e4bd7ee6e5007ad7f4360f9b9b0bccf
SHA256 2875d9850650253b541deeb90738230d3ae5d548450c9f7a6f1b2173f330807e
SHA512 8586cabc685f22179e560ebec5c791f1d964578c661c8fb872be58fd92066d10a300dca1359ae655635748e707351f203da7502d45c3befd7c4ef864a2259918

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 85903181b498727e419c278d1cf94771
SHA1 3c9af7b1b686986b3bfd731bb7bcb408db1bfacc
SHA256 7d7529f10175b01fa02865aa734dc7d4aef1a2a5e225959b6adc83692dfce7ea
SHA512 632493d3ee51188e0a1e256be1ddc154a36515a0ee14fb1a13e7982d6eb7a82277a3851657ec94b882fd3294876b94a076451e99682a819f8e39432748b78ba5

C:\Users\Admin\AppData\Local\Temp\tmpC0E.tmp.mp4

MD5 fd9b3c8da56202b141d2461391f6d1c8
SHA1 34d4baca07a9f4dac7ddf17a76d5684061d7a6d1
SHA256 92499868fb19fbf4c519fcc5f17a51df7d0693a592766e0fcf9850c36060fc9c
SHA512 521962601aad637cf76df7052cf1a47d92739d425bc496f0ff0ce13db74a1c9e9e13272a1b37a8c982316b974ff03fa9f2951f53b9b04f1150275e7e9bd70b1c

memory/5744-424-0x00007FF681CF0000-0x00007FF681DE8000-memory.dmp

memory/5744-425-0x00007FFB021E0000-0x00007FFB02214000-memory.dmp

memory/5744-433-0x00007FFAFADD0000-0x00007FFAFADE1000-memory.dmp

memory/5744-426-0x00007FFAE9630000-0x00007FFAE98E4000-memory.dmp

memory/5744-432-0x00007FFB009F0000-0x00007FFB00A0D000-memory.dmp

memory/5744-431-0x00007FFB02140000-0x00007FFB02151000-memory.dmp

memory/5744-430-0x00007FFB02160000-0x00007FFB02177000-memory.dmp

memory/5744-429-0x00007FFB02180000-0x00007FFB02191000-memory.dmp

memory/5744-428-0x00007FFB021A0000-0x00007FFB021B7000-memory.dmp

memory/5744-427-0x00007FFB021C0000-0x00007FFB021D8000-memory.dmp

memory/5744-441-0x00007FFAFA960000-0x00007FFAFA971000-memory.dmp

memory/5744-440-0x00007FFAFA9D0000-0x00007FFAFA9E1000-memory.dmp

memory/5744-439-0x00007FFAFAB60000-0x00007FFAFAB71000-memory.dmp

memory/5744-438-0x00007FFAFAD70000-0x00007FFAFAD88000-memory.dmp

memory/5744-434-0x00007FFAE4E30000-0x00007FFAE5EDB000-memory.dmp

memory/5744-437-0x00007FFAFAAA0000-0x00007FFAFAAC1000-memory.dmp

memory/5744-435-0x00007FFAE8DA0000-0x00007FFAE8FA0000-memory.dmp

memory/5744-436-0x00007FFAFAD90000-0x00007FFAFADCF000-memory.dmp

memory/5744-444-0x00007FFAE9630000-0x00007FFAE98E4000-memory.dmp

memory/5744-470-0x00007FFAE4E30000-0x00007FFAE5EDB000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 517dfdb96a99b242beb32d4a76835899
SHA1 6b45dbab5b86b7e11f50cf78f9173b722c26df6b
SHA256 6e57eeea41c6ac49fc1fb625f91a815a8c26486e7c9406a496375a208f2ed9d0
SHA512 0adf65f5817524177d851a700961428126117a1936c116a5af030294b5bcc515d31923fad512f41e67b876e074c259c44752ef625902ba43922ca0278c6958c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0ff9db2def2d0dcfab6a7ca4b25b6967
SHA1 d362a1c915c54e6983ef9d1227139a29ede9493a
SHA256 a46948d80e6a461e98d4ad32c5f7f2be1e6d072ee727a081fb7713efe116130d
SHA512 bb43f9195e4382f96c8c2b559a7a7f1ff4f6730d0c7da898aae68b8693df3d27f08d0588f6f67cdcd25dc46f4b2a3b5e49857aded7150800172a628d033b4bea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7469b6e2b91d5b692f7a593b978aea9d
SHA1 816bd5e2e65bdb763a892a885715b63e33da3470
SHA256 c4a2ff58bb65ec66a9e0caf3de21bc1b1c59d1eaebc1a135bbe3d22379afb476
SHA512 cd1733a6ba6e0f8f52d42a6df67a997fd544efaa934a5fa05563767558e2afc327b76285001ce7c5ec508959147df542de01deb5c8877ad1b733267a897d43d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 430aa320fde7759707c077b534bcca9b
SHA1 cad664feb3b10aaf3612811723fe13399e42a9a7
SHA256 1d4b239959db948975b697ffbb9479d116f3498283eb7521519984db6c13f1d7
SHA512 2dd8e5a0af6a6a8dc62f393ee633e5bf1a33bf99249ceb709c16f94ff67e9a29d369c917167d99d01e6f7eab1fa5c01b0495784aa4320c4fdd4519293feca8ec

C:\Users\Admin\AppData\Roaming\vlc\vlcrc

MD5 478a4a09f4f74e97335cd4d5e9da7ab5
SHA1 3c4f1dc52a293f079095d0b0370428ec8e8f9315
SHA256 884b59950669842f3c45e6da3480cd9a553538b951fb155b435b48ff38683974
SHA512 e96719663cd264132a8e1ea8c3f8a148c778a0c68caa2468ba47629393605b197dd9e00efad91f389de9fcc77b04981a0cf87f785f3c645cdc9e4ebd98060ca1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1f7eb3b4b12536f3ef50eebec174d1d1
SHA1 94c979b36118aeed3f6778aba1bac865cf371d92
SHA256 f1629d0ad87b183f104a47947b5807648500decf990ce9c8650e0a5cf0f2ce5e
SHA512 b3fcee3d6768fd959db97608e5b178d16d6df7b103f7296f53dd7abaadff68d003feb489c2229ad03df507dc279712545af11d95ec9a694136c2e51bdabfe94d

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

MD5 d32609f6a0ef3b641d63776ab1abec10
SHA1 0a79c01bf7cec843ec1183a5d6e15fcd55a9f9b0
SHA256 c8dfcad4382a621252364643a963ee9d087ac4f45ee0a0091e1d4c8d1daf8f27
SHA512 1976a2bb0105a2148b47b7ae8c6c97ee5b37a142ba8de62773a6f64e4eebd4f936aeb556f6f7e04f21a5aaeaeef37e95d7625414159a9d3e59de03f4857be28c

C:\Users\Admin\AppData\Local\Temp\tmp6ED8.tmp.mp4

MD5 49188975edc5320a98b7c35eae9b5ea0
SHA1 5a986f951ab846dfe8f0ad4d53be3dff28543c08
SHA256 2717b4b29321dcbc8b052f62dd6c41af56243af9922c5e17464645a5be2187b9
SHA512 f13322c245df149e8321f3caa7f31b0715e35cb7bfe2c90b05f3ade57909614795180e739a51d1a1ad7004fde75c334786e1e2dc859f61d95247c3c9f7e7d9d1

C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

MD5 781602441469750c3219c8c38b515ed4
SHA1 e885acd1cbd0b897ebcedbb145bef1c330f80595
SHA256 81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d
SHA512 2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 030db32899e52f14968f02158f7badf7
SHA1 6029efe7ae95cbc1b81e85822ca9c5fdfadba8dc
SHA256 168d76eff0bbc94860e13105ec3addd64330024ada8a84496149656d024eb46f
SHA512 6aa8cd4431242b7b58381b8fb26d0e90ae90ab3dbdef9580a0c45946d1d93e7a082da59578f0b6bb70272a0a26a50d73795aa6818eace4511faa418762e99858

C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe

MD5 f2b7074e1543720a9a98fda660e02688
SHA1 1029492c1a12789d8af78d54adcb921e24b9e5ca
SHA256 4ea1f2ecf7eb12896f2cbf8683dae8546d2b8dc43cf7710d68ce99e127c0a966
SHA512 73f9548633bc38bab64b1dd5a01401ef7f5b139163bdf291cc475dbd2613510c4c5e4d7702ecdfa74b49f3c9eaed37ed23b9d8f0064c66123eb0769c8671c6ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 2dca29ad095c416f4e997f839324e043
SHA1 32811f3cb4202106503b71ccb39a21b0f1eff647
SHA256 d003b57dc579997865e2e124c0821cae2f1a21a8e1404ae1365eafd308b03b16
SHA512 ffb3e304bc2cf01f5463c1c5d27e18e890b5f2821bff8d419100870e67e0d6782afd3099b234cb0a7073ad5d81dbd3a6cebcd0bbfa862c0323e203ceb6cbf5b8

memory/3180-902-0x0000000000D30000-0x00000000013DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 449ec0efc00077a12ed45192ff1db7f6
SHA1 25c3835d8f3a7b1ef3ae35ff44867adfefd94d43
SHA256 35982c7bd543d7a4971be9b16ec4713771d303e87114dab036d5f673019024a8
SHA512 ad8d16358ee46c412989d0c11071253ed52a1fb3e5db94262d711c82c77c1a035606251254e680dd41a3a87b67fe9e4a45cfba7c2a767cad622b1063ef3a07b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\file__0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1fa7b80b0151be8cbbef35f01690a2fb
SHA1 4843f8d0e202f01d5c9705cabb13ee6f1488f7ab
SHA256 f4a1164179dcea43fe86148796968009582387394b695b62049a10174e529c2c
SHA512 1fc7111b6fea57abc4e2f182e0b01b390f2c6434b0f463862bb68b16ee8ecfcf702ccba4bc02d1c4d59f4ed1f7e0286feb51ddabfd1175a9bc3720d62348e472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 652d27973dc4fe1860edcc8f3175ea8d
SHA1 aa6b0dbe0ede09b5474d3a3fd284378ea6c666f0
SHA256 094fcc1a023256338bcd410e90a0d118320b4b94ed4d39f392488200f051a5b0
SHA512 2b046629ae7e0456bf196094603212b4781990e8ad4f0d80364c76953e48e8a78601d3e9221e9d6d422816b8675a162708774db42294b6def7d0e8130e60dee3

memory/3180-1000-0x0000000006350000-0x00000000068F4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\windl.bat

MD5 a9401e260d9856d1134692759d636e92
SHA1 4141d3c60173741e14f36dfe41588bb2716d2867
SHA256 b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7
SHA512 5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

memory/3180-1027-0x0000000009720000-0x000000000972E000-memory.dmp

memory/3180-1026-0x0000000009AB0000-0x0000000009AE8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 b4fd61d5c7ab0560495e722c795c3ccf
SHA1 a4c186a3942a3b7f4c5fc734bac7b16fd3b36f84
SHA256 92f22647e7d696143655844d1ed9a2012363bc187aeffc1bffad7f1cf1554a66
SHA512 0577bec74666152f0dc8d9a5205c01889182ab1ec9011681e996d931e8db921a7b47dd6a5b724a02c5c5e75bb64abd18499895fb54a0ee76574d1d3536a61f57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 06e92917e19be75d70671e67d0b30f84
SHA1 507365380d50fa982c0a85b3407c57080674e1aa
SHA256 91fff7b04fe4636d6f738604e8894a2e026c5ed2da0bb9db0a601c3a590c817e
SHA512 f72e374fade0c993fef2239aeceaeaf4418a2fba8f159a95186797b574ebe2fd011f8dafa25c3509b15683deb20704cf16b9a5dc3f403ac7197f1d71ff080ca8

C:\Users\Admin\AppData\Local\Temp\v.mp4

MD5 d2774b188ab5dde3e2df5033a676a0b4
SHA1 6e8f668cba211f1c3303e4947676f2fc9e4a1bcc
SHA256 95374cf300097872a546d89306374e7cf2676f7a8b4c70274245d2dccfc79443
SHA512 3047a831ed9c8690b00763061807e98e15e9534ebc9499e3e5abb938199f9716c0e24a83a13291a8fd5b91a6598aeeef377d6793f6461fc0247ec4bbd901a131

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 bf2cf38ec0f658e1a3507fcf57e3cd6f
SHA1 ba7cafd75703d0f7913fe1aec226514fb9e0278a
SHA256 dacd8ae11155879da35cea015d1182873f4b4ede27f6d86068e1e62a7db2dc8b
SHA512 6942c90d2ab65d03aecd4a7149268cc8f5e8132bf03f6561ae34442ec3b23f5f414a7d3febae8a713d1d794ed61bec8472853f0aef4a4755b51262c7d987c9f7

C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt

MD5 9037ebf0a18a1c17537832bc73739109
SHA1 1d951dedfa4c172a1aa1aae096cfb576c1fb1d60
SHA256 38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48
SHA512 4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a749b5053eb148246b2a6897b7d54520
SHA1 24c158d1d2358ef68acfe24d572041b406a5f721
SHA256 23cd5783286ca0771aad8f260c490f13a3d67226660b9552c0f6dbaab1df36de
SHA512 e0f87ddc6129079b06b562f1f484a26d9b4a25fdd63f8b7c72223d081f717c082ccec77bb2fa549261ac2c5303dc60946629d583b1edb36a564139de84a3c6a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 249aee34eb05b5ea19c270ab9401d9b2
SHA1 c8b24be3e90ebbd1e3e6cf337824d3c3f72f1496
SHA256 e6749f29a4cb1baebe23f7017d12943bd543bd502c73ef5a6f5448d042357a14
SHA512 c50459c90aed14122a2f0f1e5c888754f1553635b888f2428c3caef7826ad56cb5cda7f21871ea948cb48aa8f9899949d04efe1a3fc7015af62bccf886a4791a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8618e81a420219e6b20128660be9d9d7
SHA1 4094de45ef40db5c066f72b841f7550c11343d18
SHA256 18a3b88e62b8409875d53db5243a4a5378cc163029a01b3a8722246002ad5986
SHA512 2272fdcf05dbd57667ed3ed76d2d09b98148ca456fb235a6c7a9e065b82207223602101fd38992da91d5962320b51c31d3b3dca721c619777b4cad37d4e9b8db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 4cdd02a55b586cc4c2f144440b0f46bb
SHA1 0401598988e59f007ac5f59d66df68e2c4c4a5b6
SHA256 71721164f83e3bca489c2ad2001197a6882ba42dc10a460170e77fb4b705e9c9
SHA512 2bd1822506d6546ad75c2b3950daf032897251d593d56f49acf2a6c3050de4f7300dff4e4e41c5970e298de19ca922c61a24219ad1a1f09f4869c607dbcd759e

memory/1044-2517-0x0000000074FC0000-0x0000000075571000-memory.dmp