Malware Analysis Report

2025-05-28 17:21

Sample ID 240503-qyahysge4z
Target https://youtube.com
Tags
zgrat execution persistence rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The submission https://youtube.com was found to be: Known bad. The URL itself is the legitimate YouTube front page; the verdict is driven by what ran on the analysis VM alongside it. Every persistence indicator (Winlogon Shell, Run keys) and every dropped file in behavioral1 below is attributed to C:\Users\Admin\Desktop\SampCheat.exe, C:\MsAgentBrowserdhcp\Bridgesurrogate.exe and a csc.exe invocation, not to the chrome.exe session that opened the URL. The chrome.exe rows (SeShutdownPrivilege/SeCreatePagefilePrivilege adjustments, BIOS key reads, tray-window lookups, writes into its own child processes) are consistent with ordinary browser operation.

Malicious Activity Summary

zgrat execution persistence rat

Detect ZGRat V1

Modifies WinLogon for persistence

ZGRat

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Runs ping.exe

Checks SCSI registry key(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-03 13:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-03 13:39

Reported

2024-05-03 13:45

Platform

win10v2004-20240426-uk

Max time kernel

359s

Max time network

359s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtube.com

Signatures

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A (11 hits; no indicator or process recorded for this signature)

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Users\\Admin\\NetHood\\chrome.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Users\\Admin\\NetHood\\chrome.exe\", \"C:\\Windows\\es-ES\\RuntimeBroker.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Users\\Admin\\NetHood\\chrome.exe\", \"C:\\Windows\\es-ES\\RuntimeBroker.exe\", \"C:\\Recovery\\WindowsRE\\audiodg.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Users\\Admin\\NetHood\\chrome.exe\", \"C:\\Windows\\es-ES\\RuntimeBroker.exe\", \"C:\\Recovery\\WindowsRE\\audiodg.exe\", \"C:\\Recovery\\WindowsRE\\spoolsv.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Users\\Admin\\NetHood\\chrome.exe\", \"C:\\Windows\\es-ES\\RuntimeBroker.exe\", \"C:\\Recovery\\WindowsRE\\audiodg.exe\", \"C:\\Recovery\\WindowsRE\\spoolsv.exe\", \"C:\\Program Files\\VideoLAN\\VLC\\SearchApp.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Users\\Admin\\NetHood\\chrome.exe\", \"C:\\Windows\\es-ES\\RuntimeBroker.exe\", \"C:\\Recovery\\WindowsRE\\audiodg.exe\", \"C:\\Recovery\\WindowsRE\\spoolsv.exe\", \"C:\\Program Files\\VideoLAN\\VLC\\SearchApp.exe\", \"C:\\MsAgentBrowserdhcp\\Bridgesurrogate.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A

The Shell value is rewritten once per dropped binary, each time appending one more path after explorer.exe, so the longest row is the final value. Winlogon starts every program listed in Shell at user logon, and on a stock workstation the value is exactly "explorer.exe"; any additional entry is an autostart. Note that the appended binaries borrow Windows component names (RuntimeBroker.exe, audiodg.exe, spoolsv.exe, SearchApp.exe) but live in directories where those components never reside (C:\Windows\es-ES, C:\Recovery\WindowsRE, the VLC install folder).

ZGRat

rat zgrat

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\SampCheat.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\._cache_SampCheat.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\SampCheat.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\._cache_SampCheat.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\ProgramData\Synaptics\Synaptics.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\._cache_Synaptics.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\????? = "C:\\ProgramData\\Synaptics\\Synaptics.exe" C:\Users\Admin\Desktop\SampCheat.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "\"C:\\Windows\\es-ES\\RuntimeBroker.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spoolsv = "\"C:\\Recovery\\WindowsRE\\spoolsv.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchApp = "\"C:\\Program Files\\VideoLAN\\VLC\\SearchApp.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\audiodg = "\"C:\\Recovery\\WindowsRE\\audiodg.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\audiodg = "\"C:\\Recovery\\WindowsRE\\audiodg.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bridgesurrogate = "\"C:\\MsAgentBrowserdhcp\\Bridgesurrogate.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bridgesurrogate = "\"C:\\MsAgentBrowserdhcp\\Bridgesurrogate.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\chrome = "\"C:\\Users\\Admin\\NetHood\\chrome.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\chrome = "\"C:\\Users\\Admin\\NetHood\\chrome.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "\"C:\\Windows\\es-ES\\RuntimeBroker.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchApp = "\"C:\\Program Files\\VideoLAN\\VLC\\SearchApp.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spoolsv = "\"C:\\Recovery\\WindowsRE\\spoolsv.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
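The two persistence tables above list the same set of binaries twice, once in the Winlogon Shell value and once as Run-key entries. As an added triage helper (not part of the sandbox report or of any tool the report names), the following Python parses the report's own "Set value (str)" rows, unescapes the registry values, and flags two things a responder would pull out of this report: a Winlogon Shell value that lists anything beyond explorer.exe, and autostart binaries whose file names imitate Windows components but sit outside the directories those components actually live in. The expected-directory table is an assumption made by the example, not something the report states; the "?????" Run value name is reproduced as the report prints it.

```python
"""Added triage helper, not part of the sandbox report: parse registry
"Set value (str)" rows from the persistence tables and flag the autostart
entries they install."""
import re
from dataclasses import dataclass

# Rows copied from the report's Winlogon and Run-key tables (the final
# Winlogon\Shell value plus three of the Run-key rows). The "?????" value
# name is printed that way in the report; the real name was not preserved.
REPORT_ROWS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Users\\Admin\\NetHood\\chrome.exe\", \"C:\\Windows\\es-ES\\RuntimeBroker.exe\", \"C:\\Recovery\\WindowsRE\\audiodg.exe\", \"C:\\Recovery\\WindowsRE\\spoolsv.exe\", \"C:\\Program Files\\VideoLAN\\VLC\\SearchApp.exe\", \"C:\\MsAgentBrowserdhcp\\Bridgesurrogate.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\????? = "C:\\ProgramData\\Synaptics\\Synaptics.exe" C:\Users\Admin\Desktop\SampCheat.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "\"C:\\Windows\\es-ES\\RuntimeBroker.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\chrome = "\"C:\\Users\\Admin\\NetHood\\chrome.exe\"" C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A',
]

# Assumption of this example (not stated in the report): where these Windows
# binary names live on a stock install. A same-named file anywhere else is a
# look-alike. Directory comparison is case-insensitive.
EXPECTED_DIRS = {
    "runtimebroker.exe": (r"c:\windows\system32",),
    "audiodg.exe": (r"c:\windows\system32",),
    "spoolsv.exe": (r"c:\windows\system32",),
    "searchapp.exe": (r"c:\windows\systemapps",),
    "chrome.exe": (r"c:\program files\google\chrome\application",
                   r"c:\program files (x86)\google\chrome\application"),
}

# Report row layout: Description Indicator Process Target, where Indicator is
# "<key> = "<escaped value>"" and Target is always N/A for registry writes.
ROW_RE = re.compile(
    r'^Set value \(str\) (?P<key>\\REGISTRY\\.*?) = "(?P<value>.*)" (?P<process>.*?) N/A$'
)


@dataclass
class Autostart:
    key: str       # registry key path as printed in the report
    name: str      # value name ("Shell" or the Run entry name)
    command: str   # one unescaped program path
    process: str   # process that wrote the value


@dataclass
class Finding:
    kind: str      # "winlogon-shell-extra" or "masquerade"
    command: str
    process: str


def unescape(value: str) -> str:
    """Undo the report's C-style escaping: \\\\ -> \\ and \\" -> " in one pass."""
    return re.sub(r'\\(.)', r'\1', value)


def parse_rows(rows):
    """Turn report rows into one Autostart per program path.

    The Winlogon Shell value is a comma-separated list, so one row can yield
    several entries; a Run-key row yields exactly one."""
    entries = []
    for row in rows:
        m = ROW_RE.match(row)
        if not m:
            continue
        key, value, process = m["key"], unescape(m["value"]), m["process"]
        name = key.rsplit("\\", 1)[1]
        if key.lower().endswith(r"\winlogon\shell"):
            parts = [p.strip().strip('"') for p in value.split(",")]
        else:
            parts = [value.strip('"')]
        entries.extend(Autostart(key, name, p, process) for p in parts)
    return entries


def _in_expected_dir(directory: str, expected) -> bool:
    return any(directory == d or directory.startswith(d + "\\") for d in expected)


def triage(entries):
    """Flag Shell entries other than explorer.exe and look-alike binaries."""
    findings = []
    for e in entries:
        directory, _, filename = e.command.lower().rpartition("\\")
        if e.name == "Shell" and filename != "explorer.exe":
            findings.append(Finding("winlogon-shell-extra", e.command, e.process))
        expected = EXPECTED_DIRS.get(filename)
        if expected and not _in_expected_dir(directory, expected):
            findings.append(Finding("masquerade", e.command, e.process))
    return findings


if __name__ == "__main__":
    for f in triage(parse_rows(REPORT_ROWS)):
        print(f"{f.kind:22} {f.command}  (written by {f.process})")
```

Run against the four rows above, the script reports six extra Shell entries and seven look-alike binaries, all written by C:\MsAgentBrowserdhcp\Bridgesurrogate.exe; the Synaptics.exe Run entry set by SampCheat.exe is listed as an autostart but is not flagged as a masquerade because its name matches no Windows component in the table. The same regex consumes the full tables if you paste every row into REPORT_ROWS.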

Drops file in System32 directory

Description Indicator Process Target
File created \??\c:\Windows\System32\CSCE7A81917C93A4AE6B67D9565844629EC.TMP C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe N/A
File created \??\c:\Windows\System32\t4pfwd.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\VideoLAN\VLC\SearchApp.exe C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\SearchApp.exe C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
File created C:\Program Files\VideoLAN\VLC\38384e6a620884 C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\es-ES\RuntimeBroker.exe C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
File created C:\Windows\es-ES\9e8d7a4ca61bd9 C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592171950165471" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings C:\Users\Admin\Desktop\._cache_Synaptics.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings C:\Users\Admin\Desktop\._cache_SampCheat.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{8BB28F77-6118-45CF-BC14-9B44D0FF7C81} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\ProgramData\Synaptics\Synaptics.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\Desktop\SampCheat.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\Desktop\SampCheat.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings C:\Users\Admin\Desktop\._cache_SampCheat.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Windows\system32\taskmgr.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (4 hits)
N/A N/A C:\MsAgentBrowserdhcp\Bridgesurrogate.exe N/A (60 hits)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (31 hits)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (31 hits)
Token: 33 (privilege LUID 33, SeIncreaseWorkingSetPrivilege) N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (33 hits)
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A (2 hits)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (29 hits)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (24 hits)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (40 hits)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\ProgramData\Synaptics\Synaptics.exe N/A
N/A N/A C:\ProgramData\Synaptics\Synaptics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1140 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1140 wrote to memory of 4216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1140 wrote to memory of 1820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1140 wrote to memory of 2724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc451dab58,0x7ffc451dab68,0x7ffc451dab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4284 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3356 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4544 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x410 0x504

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5048 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5756 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5904 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5992 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\SampCheat.zip"

C:\Users\Admin\Desktop\SampCheat.exe

"C:\Users\Admin\Desktop\SampCheat.exe"

C:\Users\Admin\Desktop\._cache_SampCheat.exe

"C:\Users\Admin\Desktop\._cache_SampCheat.exe"

C:\ProgramData\Synaptics\Synaptics.exe

"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\MsAgentBrowserdhcp\RJohyDXhI3BukXB8LZtFph4xzxsRiCFy2OHMYmU5wvokqlpzCh.vbe"

C:\Users\Admin\Desktop\._cache_Synaptics.exe

"C:\Users\Admin\Desktop\._cache_Synaptics.exe" InjUpdate

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\MsAgentBrowserdhcp\RJohyDXhI3BukXB8LZtFph4xzxsRiCFy2OHMYmU5wvokqlpzCh.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\MsAgentBrowserdhcp\6tdiKxJ4vs339LB2ENkEUF6gwXbV.bat" "

C:\MsAgentBrowserdhcp\Bridgesurrogate.exe

"C:\MsAgentBrowserdhcp/Bridgesurrogate.exe"

C:\Users\Admin\Desktop\SampCheat.exe

"C:\Users\Admin\Desktop\SampCheat.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\MsAgentBrowserdhcp\6tdiKxJ4vs339LB2ENkEUF6gwXbV.bat" "

C:\MsAgentBrowserdhcp\Bridgesurrogate.exe

"C:\MsAgentBrowserdhcp/Bridgesurrogate.exe"

C:\Users\Admin\Desktop\._cache_SampCheat.exe

"C:\Users\Admin\Desktop\._cache_SampCheat.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\MsAgentBrowserdhcp\RJohyDXhI3BukXB8LZtFph4xzxsRiCFy2OHMYmU5wvokqlpzCh.vbe"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vucraqwk\vucraqwk.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE277.tmp" "c:\Windows\System32\CSCE7A81917C93A4AE6B67D9565844629EC.TMP"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\NetHood\chrome.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\es-ES\RuntimeBroker.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\WindowsRE\audiodg.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\WindowsRE\spoolsv.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\VideoLAN\VLC\SearchApp.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MsAgentBrowserdhcp\Bridgesurrogate.exe'

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\GG3qQO2d8b.bat"

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\MsAgentBrowserdhcp\6tdiKxJ4vs339LB2ENkEUF6gwXbV.bat" "

C:\MsAgentBrowserdhcp\Bridgesurrogate.exe

"C:\MsAgentBrowserdhcp/Bridgesurrogate.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\VideoLAN\VLC\SearchApp.exe

"C:\Program Files\VideoLAN\VLC\SearchApp.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

Network


Files

\??\pipe\crashpad_1140_KVIZCBTNEWUMRCNU

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe574bbe.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1140_1200500082\Icons Monochrome\16.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1140_179921915\Shortcuts Menu Icons\Monochrome\0\512.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1140_179921915\Shortcuts Menu Icons\Monochrome\1\512.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\32.png

MD5 88dfa96f9642297ff88909ca4e0f7330
SHA1 ed8655bf13e6cc49395da4c760168c4148454b7c
SHA256 5e5eb084cf1a650b2e122f53d36f85b67ce6e39069e399a46a25dbd34f7be286
SHA512 cc2deedfeacf9f26e48cbb26e222a219905888b95634c7d91d6393b84248305ce8940816bdb3bff0f5384b9dad90f4e3905b229e06ce4b1023a1439293b240dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8c7804ab11d5e5eff3dea22fed1f13b4
SHA1 cb75c738d2f2f391834199d0d2f0f779e2fdcde3
SHA256 aac9b222394fa8faf83ca8586561041ee2da990d0cb05d18926109e6fd26acba
SHA512 092775002ae899190e0ef7bcdb8298eade3e077d7c22a49ed96af83771a8a045bc78d497897cfde5103d7b0ee6932ff54e9eeaf169aab54c6e9beb20cc229cea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 387a59b511aeeca261b34fee048068d0
SHA1 a2731695391d6d45897c267eb42a13f9c794fba8
SHA256 49049b1a695c4db060c956c2399a50b60f4d3d675cf3bea73f102a3bc3b1959e
SHA512 7cb2d5fed561447159367dd87b7ebf5e84b23ce6fbe8e517158dddccca83b9c55fa57bfdd3b48c80af980133427bec331b906d5b66786ba797ee6522a080e455

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dcd50279335cd9d7eacd4189fe714f62
SHA1 8370e71fb9064585f9c6a08ea1962b08a25ee223
SHA256 ce03f5a9d66b50d318450ab124b2b4c8b395e40ab87456595ca993a2c3ad4690
SHA512 e3725e5e905e728b478d6cfbfe55a4d08f9645adc92c1ca46c9b0bad33d69cfe110b502bbeb271035d4fd828e8f55d7924050b226a1969795743ad069350bd73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 5d2b905cb5a65dd6ac900a561fd88bfc
SHA1 b6384868c2ff10277cb3139762d4cc45422aec7d
SHA256 71102f273a50502599a930a805c5f9be799bcee45012819898d481d6e44a0a8c
SHA512 3b6de485f28cdb92098eb3f5d3733ba04091c4da35f2f6ae5e6efae78277fa77994c104d38fe31615f7163de36312b1e25a0afd9edb70ff0fd493dda79013bab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\54a0eff0-ef2e-43a8-9df5-f7dcd13df3e3\index-dir\the-real-index~RFe57a0f3.TMP

MD5 933d09e9cc740cc85a83a62bc274fad6
SHA1 c50d6105f6246de22f2384b5c0f2fba2dd56639c
SHA256 3fc2d5697364368fb0cd824fed82f85c0f86ed090051add522bd2adf61592333
SHA512 39e6aadd394c5380a0ddebaf5938fd0cea91eaac3645b357321e41ac6b74406f0f5c0a465489d04fd1495c1af4fe038f5b43ffec81a2ba4e7283e8f12337f813

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\54a0eff0-ef2e-43a8-9df5-f7dcd13df3e3\index-dir\the-real-index

MD5 0843b2c09d865bfdc1debad66c17ea89
SHA1 03374a983d7fb87a45ac2684199e3ad6b65f307e
SHA256 c883e15dc3a44ce91a195ed66d23c412fe7cd6820102666a3d95db86f6646169
SHA512 8b18061525efe5569988f31b1916bd25aefaf22580e9342ccd751365492588d3b1d28b291a5398047cae95ed72cb74679799f6a3f91df482fc04725c88a23373

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4b93bdb0f242b4cc3def55f5640428ad
SHA1 ce1e3723b3a82c5ce0388d2b4b03acb303f1a504
SHA256 0b26f2a8abaaf1ce893114f6b8ccf5989371e17db690dd308e7474bc3b4887da
SHA512 d71b874e068679626e37ffb3d1a6d7b12ad63a9a6ff1cb50444ef25358170aa4d41614fb3b3845f2f45a83c3a4f7e8c9dab7d069231765cec9f1297e53da869a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6822ff35fc2fe8ca472049f392fc491c
SHA1 47a85fae14aa2dcfd5668e5b80707efceba5aa6c
SHA256 cdb20b3d7ba0748ebc6955c8d377b1d472c7b12728c353528e6a1fa25c0b47c9
SHA512 a58c68799a97f6ec366f4943f152a8e5fb5835252fd0b8c3bdea585ee867eb290389d15c270a45b40ceb050ce1cf94ed5b1b2977ff2a7d3463c11cdce647c3ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 04fb183578ab236360c0386a3cef2ad0
SHA1 feb5066e8b67552c7e19e1cf6e8b7a020e18ff00
SHA256 7c4f83dea3f0e428323002409cc10969e2f5abaa3eebb572257b8eb698e20c9b
SHA512 218ad3f0709c00b86d29dfe2742e0dc6a1e668fe85743e80331d02821f375fc442f50e572bd22be9f93b997cae4fc812729828ebdec3a22e840f965259460390

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ce23f8e8ecade8eeb2ab58751a898698
SHA1 ffa015df8c5054fd31dc2506d300d3484740e448
SHA256 e76639334361bc78ba5b42d1b6d26661dfe9e6d0fd8ff7dcca32ac286c0b06c1
SHA512 9675c873e7fd91fe812e51da5fe7df93b32b58ca9c408f9231694bc3da2cb82fdf24388ce6174f1faac701c964fb8d497dc5fb109c634b155398601f8e47a976

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\727930b5-9453-475b-aaf8-a31877c124da\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 db58814e73b8dcf7bf565f2cab11d7c0
SHA1 68a11b423c9cb3301955a360f2ee7c37d216afde
SHA256 86884c4eae6f40374250b89a320b020427ddd9b01cf598ff6f6b9a489e804f67
SHA512 2244b518e697dcf61cdfcd13a614c605df140a789905967318a790e1d990713e3e79b25d051b2c8fe168da212bb7833242df7c0de81f7d866b9f5817b3621f34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 53b61f5b29c1179b0279fbd9498a1536
SHA1 140f44cd9d51ae81295ed199ccee46a7d37430dc
SHA256 197e9e4a9e3855014800c3bfb36a9e2c2082dc9ebd743cb7a3cf43736fefea2f
SHA512 e7c6ec98a1e299e4a6c711d02d1c3a27cb3d22be2480f02ec458c9d119e48f70843d441729f3cb52c1f2ffcf4581692eb61ff644f99f88eebaf7c9af4d5cd57d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 4691023a524333adb2337720b52adde0
SHA1 a92c4dc3df565cfeed1e15ea4ff059ba01fd9248
SHA256 19f1853554fe7305eeed5dda5c8f0c01f51e2e14ca101f129ace3ae25f5c3d8d
SHA512 e7c9da80f49c888db06da32da467f8166c5e10374c207e2b7ad29a32d504c97491d96d5c298f4e070f857bff045bf4af25391b69cad5d5d379bb3054c4da8803

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 eda13c6b6a5166489f77c8d20050d7eb
SHA1 83d1706bc1bb4b7e491045b945c3b50db09f58dd
SHA256 6031816aca7ea5570e205613e1d9ca27f99dafad04dfaa478b78b7127acbb637
SHA512 b8cf001a29d1c1a1d9d075e7e695cd913d946ab657b77ef1e23bcb452cf301f7c6a7d7c6da921e49b56108e7794ec974ce44c0fe058180aa5c9e7771f2906357

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 b322e56a86b24d52ba6c2a10614ce78e
SHA1 9a990a198453af55e2c86f8a85ef6eebcb296f4a
SHA256 3df48c3c951cd9bde194b92d644cb82eacb0ea91d01761fbafb645c4462b816e
SHA512 0aa6f828d3a3472325651075887379ad159c348c4399b10e0c3b2556d52f879e1f57b4e8a80c77c1845653d0fa50c8b228c5ac684ca70b79b98c245e4d38ebe1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b50571004b7acfd1c06e46cfdc13401b
SHA1 32c126b85e4c4760c85b68ff03571e2e97998fec
SHA256 df65ad1f37c25fc7bd6fa1ee5a1f660f5dd3d2e81ab5420944d4d956c41345d2
SHA512 6053dce1379a201621bcacf1b3106fefb7352f58247899648e3a276aedad56256add10b7f7919d0455583baa8ce5d3f9da8ea88af9cd0e7ced2a3193c8b77b86

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ac60c5cc9ad2d4db23bd316b225b3d60
SHA1 18d93ed64ccc9eb26bdb8f3f8b1f1f198656f410
SHA256 2046eb501132c61cf3641fa50118da5b991a96d6209ea96a8b24fc396e6b3afa
SHA512 c20778189cba2f46d45491714ec27a318746ee7b3729b3b3d56c88c2408e1c2c4eb6666692dd95078d4b11e57c91776c69e992676408dde21503b55636525763

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\727930b5-9453-475b-aaf8-a31877c124da\83a1665e107c0f73_0

MD5 85343e6c7d02338aaff58882f1852a20
SHA1 3d2f8427492f5e184d08e83c4a274711cd0aba4c
SHA256 d99248a522191b4e2abd434bc23866521ad57b3d9b3ef8e0aaf3143c1d890149
SHA512 5127127686a53f49653750f82b511e2ae50eefe6b4898679ad7dda92ce928e030a59a09dab7084d5823e645769d373a272f0cb5430fac34a17134a755a482476

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

MD5 a45d240c403ae77892c77030c031856c
SHA1 f348628eee2ff79c3db99e544e5b2e1c380da028
SHA256 cdfd1827b18fa55ea43abe5d5897e6edf5cc69aa58fb76920681f4002c52a076
SHA512 83111b3490562c41c5fda2edb219850a232a1c4daf514ae55f4e9561babb4c1c312c023460ff392ef08e60a2c96fe28fe362672180a133de274fd4226843cab9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\727930b5-9453-475b-aaf8-a31877c124da\index-dir\the-real-index~RFe585687.TMP

MD5 895558da52d054ed76d9a94f5bd7c857
SHA1 26b7990d82c58903aca0e83b86fc1c9b5db7c0ea
SHA256 21c9f0346a5d939a2ed04417c7afd330cccfa811828a90b8a3747174d6b760f2
SHA512 7b2a8263d8ba52cc1a9250cf78729498e67eecb6b76df62e2b52ede0f84cddc47ba8f7ea6052fec09cd6da4657c27fb2e034626b99d5406e122752bdb04f0bd2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\727930b5-9453-475b-aaf8-a31877c124da\index-dir\the-real-index

MD5 d4bc14ff143c1a716c4b811900741d95
SHA1 4a4698fffa76c0acb521e9f8a28e2f6211a914f2
SHA256 80f3ce9020109ba164562d8d3acb88e8373f9cfa4e28028912d3ae0c4dca898a
SHA512 cab439ee7d9b2550b0f414ea4274b88537e1b98294d55ce112e8c58cb944467377a6ce19db03d3154d81e5eae177ac5122f237c473646a2ed0e39d4e089a1d25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d1e197b0fb1832cec83cd1b0f7c1f61d
SHA1 cacf5e40e83566d6c2a562648cd2f5b9065c762a
SHA256 24e4ecd325172929abcc0100bb53c6c2e36709f962878a793a358d6bd78ae940
SHA512 eb834a11af0913d166f642c29b1aaf969b1a2649e83c708ba15f5c2c7f6c3b6ad9563bfcb81a714ba2e4dc2bf0e0a6d351c61568e80806d9f84367b0b6f0ce4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 796584179c854adb9dc70b4324adcf6a
SHA1 3a8c2e28c7a66929d7bc6cd365514c7bc236934f
SHA256 995fd552216efbf3667b6ba61a73ecb10b8597f6b7827b059f456d47f1f5e101
SHA512 2d17855ddac5374145c9da15343716b1fcf48cbf370aea9872c12355bd8fd78d4f2632f36dd68b7f35da1b514e9eef902b7f56f6593b5ce601a103f4554710ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5862ad.TMP

MD5 6fb7d1d4a0a6217ec0720660498144a4
SHA1 784a74dd569fed0ba0f6c8027e61685035cec518
SHA256 fbec828d351f4754d74413204c055dd44c4cbbe30f7461bd3a0c0fc5268ce00d
SHA512 eba2b0f43592b897def2d0ac4d7ff1c7cde4a72c05f374c306bfef0f14ad9e605178c31a4df17218f00e250ca958e8baa2116609ff2be335ef8913a5de7921ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 06d573682032a0aa04d6062aa8c1e93e
SHA1 c5d2a1b2a41a9f5f04a2368b49d9b228892f9236
SHA256 44190d8c4e5b9efa8fc86436674f96d4234333512757102598694985f14df18d
SHA512 a6394d187f1f5244551712acd78ea748b90790c77cef3d9a53934c98b93b49c61ef6593289d753fb642496378fbc2b7baf6f256e077bbec2ec0fc1ca4ef71394

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\54a0eff0-ef2e-43a8-9df5-f7dcd13df3e3\index-dir\the-real-index

MD5 c1f4bffb68a4af23c1538f03a7d296c5
SHA1 925cde6e71ac5d5276d22a8542a324b826828c80
SHA256 b415abb8e5f4dff3fdc54e3ca518363415746b9e001a525abbe20fd64ebb9b1f
SHA512 6f74e3067a4fc8945dc34303d63786928cb1e22db9f7f7e38d45b14659be2c3d4d5bf4ee141046eef4e399286150f0bb4590d5934733fcae9c7332945128022d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4f0c78414cc31d9091203c67ec66b9bc
SHA1 c655be0df952267ec4d08db8f183cb35c45906f1
SHA256 dc2d33dd5abda07dd279da9ed58194d0942d9f25f0b685cb89dbcc9982d8b326
SHA512 bf5f7b8b76a8b44f614e945ec6dae7c759388bee478b49156006fe592b1abe85e1e2071368beb2efd1c9b341fb65fafd19c80806d23464abac955dd846bfca16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 e487227847af9aa3774d3ec327c9c24c
SHA1 7fdfda0bd77288a7492475d090dd709ac5863bb5
SHA256 cac591400bfabdb551d4eccf88eb0de34f7dd3fc73e55ec905bf353477df625c
SHA512 56e6a119e1fcd8854de68b0a2f8d3d7261b339797f419f22a2af35b21979e8a018a853494ac4a3aaab2be54d1dcf76dcdd62fb8e6f3c8913fad829f7502be34e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 458f3287759449e11682ed4afc4bfec8
SHA1 3ccd84eb085788cc2abe46322806d0e610277254
SHA256 f4ea8de89e3fb53e6cf1b83c8fa09e48f30df3d974d1562bc53f7afd5d204e30
SHA512 e559405ee13b7b7bc5347e8df66b3ca0a7fd740a967c503a7f1d7c64366ef9bbc4d488b8608c3da7ef20ac30cf5da1b5870feebf0e2f9219da00418e68798834

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3ab413cf62481feef78f834f4ecdc357
SHA1 f354dde0866d73a2f42dbdc09c4f0252272999fb
SHA256 19b6892f37db88fdf9423f08d990a7dfd4b538ec1983dba5bfc82e9e32f64808
SHA512 fda60438e62210759328cc7df12f78d31a0361b61103ea19563b2bf47d886bfad467c8b48213c4dc589d09f6caf0a77da4325e000e287de187f79f4e678f13bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1554a7b967fb124cedf6355b1a44b8a5
SHA1 6c04af751057d175934741fd8e584f92b4a7e9e2
SHA256 1f2c78a7e6d1e6b0b5bcf479d143d7b1af3c144faf855334f9dc9c4116c48cfc
SHA512 8f10455d8726f4965d376f854efcca730223c5682a293eb4a8bc3c4e136786f74afdd6c55e2211378bf14006ae7c04de7475c992ecee82bf696176989990becb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6bffa9fcde2ab2bd6fc1ebbd381985be
SHA1 80561843b7b6cceb1f1fa66cfca5769996eb060b
SHA256 0005bf1db3cece1e72a0a01134c3f789ed4f31b1ed0b4fc69b55bbe33f324f54
SHA512 0797bb5bb2a2a3c2397fc33510d9379872e23288eda74b2e328d7dd84dabb9ae00ee2a6e067a24e7e065bfe7d6aea4de1ae0ab47765fbfcc8565ea72e3aac0f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 45881e4e67d8898c5b487d2a9c3624c2
SHA1 256866f789aeb66ab7e81b81035c6a65c3cef0e5
SHA256 10ef1e79fa55d34ff61e1cb252d36adc1748831c2d90ee94c2cb3e096bc61ce6
SHA512 a2341aedb6e858d07666daf0805d56084ec90cab4b8bf61561762be01b29b0a47c8eb55fa2790cfd22e7718ae05b69361ab755f0c4aa2e53569926061a15f7ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7d6eb28de4173deb65620386e4199380
SHA1 c9c0cf46750331352ddfa604776bd64048f02f24
SHA256 30a589c87fb6741a4c44a827413a88b97a53fd338f97040a78088f927d71ca85
SHA512 fa5ca9451c980f16336475e5c0b67207275bb48bc22ee6835d65fcca8096eb63490c149e311e1d93ce69285c1824fe6c483a6083afe496afd5e83d29dcbc6c7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 c1a733a7bbb25e6b5b95a1d5ffb785ec
SHA1 5a6571d0f107ec6ac8dd176df1c1fc6892917bae
SHA256 61667dfff06a2b55c49f3c5b62a158843fe2cfd0b49a4dc07e560120e5ec93c2
SHA512 1321cb881d463f692ba3c3fd71064758fd96482986b7bc1273285d8ad2f9fc0dada7344e64a58e288939be87b7c628075aaeb7d56b194e6d21a1f757a2958a1b

C:\Users\Admin\Downloads\SampCheat.zip

MD5 ac515523cb2b3733ef577b41be25f567
SHA1 de33fa0b3c4cf54453f15181d636ee019cfb68ed
SHA256 b4e0a7e5019643db5b46529c37c22173b1001d59030f1d711492aa3387445085
SHA512 ed79899f7c030696816ae969a6eea0aba82da3d6842fc7e156bcba726eabea9a761c8c84a04dc4e72094e710b6235eb980d1aea8a55b86e9f99539c95ae168a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3495f9b310597e47d695c6c307964d71
SHA1 744a28f4c8ccacacd4593a5c4f86f00cbb2b7724
SHA256 6a328fe00acd8ded75e9ca1911a23de63e939418cca7f64ae78a9eee0a4664d0
SHA512 b0234fac17e709137d473812e91abdca961caefad15e050d3fe0e7ed8dd1b5564005b1819dd62f43f4890ede9669caa1d8ad205977d69f0c69446a52f0a81d45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 b04cc4b066daf3936e23e9bbe0c0b823
SHA1 8a29244966445575eda933e0d2f2706d77842cf3
SHA256 4dd6d46386352df8b6a313d31a0e2b929dd9e561a8117581c4c3bf9ecc91cc02
SHA512 f2bf9097a2f6abd7222d7fa8d388f11849dc1abd12b19e5d3ec6a12551212b88fe1970d477ea596dd5baa1070eb1df8d4bea1fa44a485948df5cd217547a1ab5

C:\Users\Admin\Desktop\SampCheat.exe

MD5 73d7e637cd16f1f807930fa6442436df
SHA1 26c13b2c29065485ce1858d85d9dc792c06ed052
SHA256 cd0f7fb1020a931c98c7c258241f06292cb9b7cab8e9acdb4010f4d56f076ef6
SHA512 f3561a2090e70b6a2a7c4070daebce1b9ff269fef1a8ca6297c20eb28170675eec7c689d05a05a00b8ddb2d1c2c82639c5d53f63782c0460acd4d3aa95328922

C:\Users\Admin\Desktop\._cache_SampCheat.exe

MD5 885383199b4458661a083d690adec52f
SHA1 7f3a0cdbf4f14e71fe0061f35c121ce087918a99
SHA256 7e1fbcc206aed09ff42684b9dcdac876e2a1f7c068463430b1bfb21564af1252
SHA512 dbe796e5c8caf1de33ddfc499c86f3a2d289ab6f1e1f89ecabef7403c70e2ea18da72897184988f12024e01e159276dc6f70b09266102bb542517d08bf41d31b

memory/3876-1229-0x0000000000400000-0x0000000000AAC000-memory.dmp

C:\MsAgentBrowserdhcp\RJohyDXhI3BukXB8LZtFph4xzxsRiCFy2OHMYmU5wvokqlpzCh.vbe

MD5 e6aa5a9a61e5a14929496cc623751fcb
SHA1 e5e193008aaf6155d8959d1f237297e134c8c69f
SHA256 4518eab1e079194970bee0b64f0dc5151e2208a48a94672e9a98fbe046e6a7d9
SHA512 45a4385a57d928587194313bd04ea42714619e2a3f35f8c7af0d930507f1e717dfd9c4d00c36514a826fb2e5090ed7e9b8a76f099798d2c468910c40e1d7cd0e

C:\ProgramData\Synaptics\Synaptics.dll

MD5 c0ef4d6237d106bf51c8884d57953f92
SHA1 f1da7ecbbee32878c19e53c7528c8a7a775418eb
SHA256 b9eae90f8e942cc4586d31dc484f29079651ad64c49f90d99f86932630c66af2
SHA512 c96947d47d49d8c09973c760f066b0fc600d9caa9f5972eac1d61c7d06d7c6c28c4b280827c576a63097c7daf6609b4930ad34a353fd784e748cadbdb971d4e6

C:\MsAgentBrowserdhcp\6tdiKxJ4vs339LB2ENkEUF6gwXbV.bat

MD5 f0817915454c14a131a03bb1e970a3d9
SHA1 40bba77a1b68a36053d1cfce4a8820eeef1108df
SHA256 9983f72ca78bee90d64610d7bd9bce46c075674f22307494ad40982ff760978d
SHA512 00a97f09edc0824207fe5bf10e6d7ab903740bfb507db085b912e58a62f8ec814f05940bcb263163bec71e71def1ff9868fedd7b0348b4146a70198a00606c66

memory/1412-1284-0x0000000000400000-0x000000000040A000-memory.dmp

C:\MsAgentBrowserdhcp\Bridgesurrogate.exe

MD5 d5eb73597ed0a278e1a993ee15c5cdb1
SHA1 c0a88c5eb727b7e4eb38dd90e95cbb1c37de0341
SHA256 b6b9517b7429afea6d33ae62a1cff9ce8290b160f9f5544b1d9dd3ab0f620404
SHA512 538de4b61b35c7acead9e8c26bdf1a47e024e7dd78402b4dbeb5fe6afe6ec7c323f2700f12c6ed441c51b61b4b3884967df67db6ba4ac682fc32c616dca2c932

memory/3912-1288-0x0000000000D60000-0x0000000000F3A000-memory.dmp

memory/2328-1295-0x0000000000400000-0x000000000040A000-memory.dmp

memory/3912-1298-0x0000000001740000-0x000000000174E000-memory.dmp

memory/3912-1300-0x000000001BA40000-0x000000001BA5C000-memory.dmp

memory/3912-1301-0x000000001BF50000-0x000000001BFA0000-memory.dmp

memory/3292-1308-0x0000000002A60000-0x0000000002A6A000-memory.dmp

memory/3292-1306-0x0000000000400000-0x0000000000AAC000-memory.dmp

memory/3912-1307-0x0000000003100000-0x000000000310C000-memory.dmp

memory/3912-1303-0x000000001BAC0000-0x000000001BAD8000-memory.dmp

memory/1452-1325-0x00000000003F0000-0x00000000003FA000-memory.dmp

\??\c:\Users\Admin\AppData\Local\Temp\vucraqwk\vucraqwk.cmdline

MD5 c4ee4763b3ce16aa918e5a59a9ee8bc9
SHA1 35aaa0362eb1abbf025bf710a359664c1388cc44
SHA256 f9958cb89d0d78c166d78d8f39e343a765b606cb309868fabd0ea7dd6cdc716d
SHA512 5e149eb8fc6958ae4d80df07c3a717cac8d4190b3a1a8fcc6995c6a6d8878c9464508aa5e7a57d793b728f0c498c84f527821fd6e7f10ec012126149e9f1039b

\??\c:\Users\Admin\AppData\Local\Temp\vucraqwk\vucraqwk.0.cs

MD5 b9405413cb8fb32b9bf116c2b0ab36f5
SHA1 842765a5b381436fae05b4834ab4842186823c71
SHA256 c1e4bb9f958bce8bc7bdedf80e514c140fa26a94f90e0e0e62770284157aea58
SHA512 cf170cac6f974f83669ca0c9657aa9855cecaed7b1f75bf8b13d1adad9e6f33eb998c9210061e8fea6b8ae8140de0cf55b93e87c3cc57648e7cc5db558bd0574

C:\Users\Admin\AppData\Local\Temp\RESE277.tmp

MD5 3eaccdf59d74a9c603d96ece0085a094
SHA1 05c5a75c21fc33b9be75b0be9a1b2bee9a340c7e
SHA256 a3a4cc3e124ddbb6a5b47f013db16bb0f3f2359cfba604fdc92768b81a669823
SHA512 d0c79e50eaef8c7f9911ff5474c1c4bf0ded653bdb5cd61ad7bd7cd38c41d426d14881afe672c8a2e57763d1b6933e108b117989872f52697ed9730e52ef2420

\??\c:\Windows\System32\CSCE7A81917C93A4AE6B67D9565844629EC.TMP

MD5 9beedc7794aa6283d0dfe66633f0facc
SHA1 51dcbc25b09e1b1eed30d7e7c4ef6d10958b5c71
SHA256 852142ec581e78ed8efae8c1c328654f6bfad35e875f0d815c5f36c23a0fa860
SHA512 d07e046a043b4c4fd8352f0081ee5cad8585eda817f54e3a1025b16d8ac47b5d11409a6f0a3aeadb8ea04797bb7edf7edaa73214cc41f7557baa11406bb90eb4

memory/2884-1349-0x00000158FB270000-0x00000158FB292000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fozhx1x2.hz4.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Temp\GG3qQO2d8b.bat

MD5 8ba59232d2c9ae2b3581c104e9beed59
SHA1 b16f1752aefa51e767a22e7079af9f40d7c8c2b6
SHA256 ed48f87ea7470231e21a3aac96d8a07a3c28e1d8ca54e615d7383cf114a8eac2
SHA512 8c528597c6b977bb814ec865a9ca17b271d62021d3ac05d402622bc9dd24814d5572b131d9705b8a8ed59c15b2f9d9132bb909c0944bb8ba5e29fa41a48afb33

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 d85ba6ff808d9e5444a4b369f5bc2730
SHA1 31aa9d96590fff6981b315e0b391b575e4c0804a
SHA256 84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA512 8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 2e907f77659a6601fcc408274894da2e
SHA1 9f5b72abef1cd7145bf37547cdb1b9254b4efe9d
SHA256 385da35673330e21ac02545220552fe301fe54dedefbdafc097ac4342a295233
SHA512 34fa0fff24f6550f55f828541aaefe5d75c86f8f0842d54b50065e9746f9662bb7209c74c9a9571540b9855bb3851f01db613190024e89b198d485bb5dc07721

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 d28a889fd956d5cb3accfbaf1143eb6f
SHA1 157ba54b365341f8ff06707d996b3635da8446f7
SHA256 21e5d7ccf80a293e6ba30ed728846ca19c929c52b96e2c8d34e27cd2234f1d45
SHA512 0b6d88deb9be85722e6a78d5886d49f2caf407a59e128d2b4ed74c1356f9928c40048a62731959f2460e9ff9d9feee311043d2a37abe3bb92c2b76a44281478c

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 77d622bb1a5b250869a3238b9bc1402b
SHA1 d47f4003c2554b9dfc4c16f22460b331886b191b
SHA256 f97ff12a8abf4bf88bb6497bd2ac2da12628c8847a8ba5a9026bdbb76507cdfb
SHA512 d6789b5499f23c9035375a102271e17a8a82e57d6f5312fa24242e08a83efdeb8becb7622f55c4cf1b89c7d864b445df11f4d994cf7e2f87a900535bcca12fd9

memory/3476-1413-0x0000000000400000-0x000000000040A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Bridgesurrogate.exe.log

MD5 af6acd95d59de87c04642509c30e81c1
SHA1 f9549ae93fdb0a5861a79a08f60aa81c4b32377b
SHA256 7521ee2d065a78efcab55a194fbd78492f84b70595f139263875f4ea92b194d6
SHA512 93ab99bcf588fde553de3240e0d2b0cbd4e4bc5ef5e99d53f45a267d7ff30103a80b5a7aa1c52d6eff1e070af0ec82d2c0b8aafb7099742aa16810edc1815c3a

memory/5656-1416-0x000001A0A5960000-0x000001A0A5961000-memory.dmp

memory/5656-1418-0x000001A0A5960000-0x000001A0A5961000-memory.dmp

memory/5656-1417-0x000001A0A5960000-0x000001A0A5961000-memory.dmp

memory/5656-1426-0x000001A0A5960000-0x000001A0A5961000-memory.dmp

memory/5656-1428-0x000001A0A5960000-0x000001A0A5961000-memory.dmp

memory/5656-1427-0x000001A0A5960000-0x000001A0A5961000-memory.dmp

memory/5656-1425-0x000001A0A5960000-0x000001A0A5961000-memory.dmp

memory/5656-1424-0x000001A0A5960000-0x000001A0A5961000-memory.dmp

memory/5656-1423-0x000001A0A5960000-0x000001A0A5961000-memory.dmp

memory/5656-1422-0x000001A0A5960000-0x000001A0A5961000-memory.dmp

memory/2820-1430-0x0000000003060000-0x000000000306A000-memory.dmp

memory/2820-1429-0x0000000000400000-0x0000000000AAC000-memory.dmp

memory/2820-1455-0x0000000000400000-0x0000000000AAC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c4a57dfb2159fffd154be9d847f06767
SHA1 faca55d707e860b701e836cb3f58418c87345cad
SHA256 2b59832c1fe38289a28514b4135068655ec73640c5a443a9fcaf3dbeceaa56a0
SHA512 aee702b493466435e6c7a7437643365027ba2004c3103ef0c24f00d7528b739a0a6a928a14aafa2d1a27c2b1fc0c2e59483c19addbf22f96916eb37658b22735

memory/2820-1470-0x0000000003060000-0x000000000306A000-memory.dmp

memory/2820-1469-0x0000000000400000-0x0000000000AAC000-memory.dmp

memory/2820-1484-0x0000000000400000-0x0000000000AAC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b711f01c6135801962fef3317e4a17b8
SHA1 254e55289df499af7df719a78daa127dd3301999
SHA256 b0af96f009d35921fe57e332a477e3a77de9ec9cf57922f5671aa20aa7642b83
SHA512 f834268673209011ee4cd754077676e9b869f93c05d504a74be3d31c09157fc4fa07383f1a84e00a06593a251715eb92d0ad838684fc3a4f96cfd08751debf37

memory/2820-1508-0x0000000000400000-0x0000000000AAC000-memory.dmp

memory/2820-1509-0x0000000003060000-0x000000000306A000-memory.dmp

memory/4652-1518-0x00000253EFBD0000-0x00000253EFBD1000-memory.dmp

memory/4652-1527-0x00000253EFBD0000-0x00000253EFBD1000-memory.dmp

memory/4652-1526-0x00000253EFBD0000-0x00000253EFBD1000-memory.dmp

memory/4652-1525-0x00000253EFBD0000-0x00000253EFBD1000-memory.dmp

memory/4652-1524-0x00000253EFBD0000-0x00000253EFBD1000-memory.dmp

memory/4652-1523-0x00000253EFBD0000-0x00000253EFBD1000-memory.dmp

memory/4652-1522-0x00000253EFBD0000-0x00000253EFBD1000-memory.dmp

memory/4652-1520-0x00000253EFBD0000-0x00000253EFBD1000-memory.dmp

memory/4652-1519-0x00000253EFBD0000-0x00000253EFBD1000-memory.dmp