Malware Analysis Report

2025-08-10 18:03

Sample ID 240507-pjxt9sab53
Target images (1).jfif
SHA256 bdd5ea18320c3fb29eece7ffff299152d11361659e8640f64de736affbe11e61
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

bdd5ea18320c3fb29eece7ffff299152d11361659e8640f64de736affbe11e61

Threat Level: Shows suspicious behavior

The file images (1).jfif was found to be: Shows suspicious behavior.

Malicious Activity Summary


Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Drops file in System32 directory

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-07 12:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-07 12:22

Reported

2024-05-07 12:52

Platform

win10v2004-20240419-en

Max time kernel

1800s

Max time network

1686s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\images (1).jpg"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A \??\globalroot\systemroot\system32\usеrinit.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4044 set thread context of 3564 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus 2010.zip\[email protected] C:\Windows\SysWOW64\cmd.exe

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133595581430857074" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \registry\machine\Software\Classes\WOW6432Node\Interface\{f456cbc2-bfc5-6f65-aca0-986e7eba0308} C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus 2010.zip\[email protected] N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{f456cbc2-bfc5-6f65-aca0-986e7eba0308}\u = "3" C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus 2010.zip\[email protected] N/A
Key created \registry\machine\Software\Classes\Interface\{f456cbc2-bfc5-6f65-aca0-986e7eba0308} C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus 2010.zip\[email protected] N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{f456cbc2-bfc5-6f65-aca0-986e7eba0308}\u = "3" C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus 2010.zip\[email protected] N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3411335054-1982420046-2118495756-1000\{56E6CA3A-880F-4215-A72D-2BD94D90B753} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A \??\globalroot\systemroot\system32\usеrinit.exe N/A
N/A N/A \??\globalroot\systemroot\system32\usеrinit.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1720 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 4296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\images (1).jpg"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe054fcc40,0x7ffe054fcc4c,0x7ffe054fcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2056,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2052 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1728,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2496 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2072,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2604 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3164 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3700 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4708 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4820 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4936 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4756,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4724 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5116,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5108 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3408,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4384,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5196,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5156 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5184,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5104 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5180,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5572,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5632 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5596 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus 2010.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus 2010.zip\[email protected]"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe"

\??\globalroot\systemroot\system32\usеrinit.exe

/install

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3368,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5052 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1452,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4724 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5724,i,1191143520582884669,1618747562235926892,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1248 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected]"

C:\Windows\system32\mountvol.exe

mountvol c:\ /d

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 chrome.google.com udp
GB 172.217.16.238:443 chrome.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 malwarewatch.org udp
US 188.114.96.2:443 malwarewatch.org tcp
US 188.114.96.2:443 malwarewatch.org tcp
US 188.114.96.2:443 malwarewatch.org udp
US 8.8.8.8:53 unpkg.com udp
US 104.17.249.203:443 unpkg.com tcp
US 8.8.8.8:53 use.fontawesome.com udp
US 172.67.142.245:443 use.fontawesome.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 203.249.17.104.in-addr.arpa udp
US 8.8.8.8:53 245.142.67.172.in-addr.arpa udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
GB 216.58.212.238:443 www.youtube.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
GB 142.250.178.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 246.212.58.216.in-addr.arpa udp
GB 142.250.187.206:443 www.youtube.com tcp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
GB 142.250.187.206:443 www.youtube.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 172.67.142.245:443 use.fontawesome.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 14.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 140.82.112.22:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 168.156.42.60:80 tcp
US 168.156.42.60:80 tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 9.173.189.20.in-addr.arpa udp

Files

\??\pipe\crashpad_1720_HPEKXPNHXBIIRDTC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 a484f2f3418f65b8214cbcd3e4a31057
SHA1 5c002c51b67db40f88b6895a5d5caa67608a65ce
SHA256 79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6
SHA512 0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 4bfdfc2a3f8b8b36c4f0446513cb17a9
SHA1 cbee0fd7dba1ac8aba2900e7da05ba76a1ecf2cf
SHA256 8ffc30538f68b6feffd141fe442ff3e5ea1f8f7cabcb1b6e14796f0c29b0d306
SHA512 97d053825027db0ce70a3237dd4d0ea4efd4dee557fc39ca45bc359e6cfb6426815ae650b690dc1814146235f2c584cf9696f83457bf7dc9fc8af13ef333bbbc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9fda636a0dd5a8a6203fb2f228fde6fe
SHA1 9cf54bd871aba11d1a230d5de971bb152491815d
SHA256 72d15d44c804940e953eeb4f3614b3e90d75a985b47a76168473ab73269f4c8b
SHA512 b587a64fc0e77e3af2bc90fe59a9e35b4a05f33491e14297ad14eb8900e36c0411bbd69dc912b91988538867a3a979373825522513c0563f4979339ca4c81ec0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 64ff392716e3eca5cbde5fb4bd9c35a6
SHA1 ad2bae444376ff6fde35f4ee61975fab04a3c718
SHA256 ddfc4efd91ad019dcdfa8dd57acb8f3f2443de19a7566a902aaf3a0d0e2424b7
SHA512 32d83a7ae964d756502683acb3ee0f6d2ec4254105fa228b51285512e5b62647051429c01fbba0cc63a899fdd75b8c47cedd29ae3fe47efc982ea8cdb545abe4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 720ad877eb4e21df64379597ee6236f7
SHA1 d2bca20e814bdacdf4212d1413663f433378b066
SHA256 54ffa1e8cdbf305d4110a4666cde963e24a0e4c671b89009d7d5398210f13474
SHA512 30f49e39972f5219d9abc037e428540cd3758fe341b282490e6e2ba4c8c1e439d4788b7dfb532d107cedecbc1852a4fe2e0a57c7cd35a1c4ae7ef5627e3bdb20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 924f296489eda0d8804e89a64b686fad
SHA1 578fff030d9599cfad5f4f51dc21d0c541490e0e
SHA256 77cf4e52c1d4bf019cae6d3ec905d7a334f4add2bcb528b86fb01d32300d7cbd
SHA512 9289bd61a542d3d7e016d77f30f7278e2e390ca68c38541d06743caca4418fc1c81e5024eed1512620878f8669cec5d0a87c638b67c00762aabd059bdc3e9375

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4ec97a32f8f9d70f645c50f22e8f7751
SHA1 ce5f42e227fdf2a77dd6aa330563c418a3a190b8
SHA256 02b47b5529666a61a7e763fd524268208cd24d0e1cf0d2c684375a74c7a6f822
SHA512 4533eebb83bacec43627086d61acad0857395df22b2d74f890f59cb4548264a78b92cb0235ceac6f9abd5a743d80a2848955ac0b535ba749331ce5a47fb5815a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cd34a1da74d3b927d6dd6839570b4e97
SHA1 ac3d96d93f936f0c303f37f781bb7dfe48aaa4df
SHA256 34366ec43a03750e8e81800f326f0478a16b018801eac3bccaa25f1ab3d1b263
SHA512 0f38400145e75bbcfb7c636fbfcc0c83ff67cb1ac7a98ce1a07a07fb58cbd62f6f152ccc163fabbe6d532a253ae4a6e0a64d6817e8c3fb46cdfa265149827d67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4ea67498243455c99b64870d40e47535
SHA1 2b3589db607464dc896067b83af2193f379c2de8
SHA256 40f6ed338f5335600d43832190d53da1d70dc654f28ea33b2af9cf7bb6bb8a94
SHA512 935a9b48969d1f28b776aeea72a60018adb0415d96648ae09ffd5ff4c30e33cdb0d75fbae84c7c68c9cacd8ef49cebc30799084e83423885fd08efee336894ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 26ab7e2791d092e1d1e6e788e882affe
SHA1 c3b429874b810f7098ad70f68db61ebf6cc7fa37
SHA256 60d324d4c6b46ab9b844b66188a62e627d6f0702dd58cb1dcee716fd017c7d55
SHA512 6b0e15d3fd2a39bebcdad1c8c6b4a347c7e9a7747aab846c53e16376842bcb1a9e86fb7653d6e8c581555542ea59d76cd58149c348e24e7ed3c3979daa7f2426

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d6a677178324c64c40fcce2d73748542
SHA1 99034c17943adf3d80dfd6dabc9a7940bd8ebdf2
SHA256 a0f1bc1e8aed694d1da0a93981eceef5def24542fad26808b129c35e6a209fff
SHA512 0b65f337eb4e0042447ffafa6ed05c85006c1b998258b06b01b6c97f1b8492eb5aef84ba6c1734e886b4da7a43bc58509116be72141dd27b66be3687d7e46934

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 63336bb514c8afa4cb813e68d6c91241
SHA1 c08e65fab171bfb847bdfda03062699c6fda8d4e
SHA256 a9429658444d205566e8900033113cd89ae62bcde3dd6239e6a1aec20ec6d29f
SHA512 1b7683b7aaa9bed3b9edbd393d1005ffba131e6417cb782079c223681a0796ddcd123dc7a4c930cee3ef235aa28ce8d191d18925419fa036ae568c68c3d1dc43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

MD5 9c12ec41b948e46a5108b7dbfaf1d16c
SHA1 860c5126809bae1950aa06800c5c1bcdf05f6c53
SHA256 34291f16a0ca09f3129132c388fbf0d909778432ae92059c6d85f77a622dc004
SHA512 a93099ce7e7896b91fe111c44df3beece4828d40705f08f403c63502cf778822f276a3d40f01bee3433b8b1de32cfeef9c8b445bfcfaf56befae6b3ec43f463c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

MD5 2dcd778f45e0cf2e173b54ec1006cf06
SHA1 5e931d5e2cecd5d01df486f5145ba048bddd62d1
SHA256 34eebed92fe9952f2127e33463135699c54b5ce0500370584c3cda7b85193413
SHA512 70e27f4c8b210695c812985c903390f46469f077bbe8a2205e19a41370f1f13ec52db36388c90b0cb95d24eb38ed964182f0f93e953cb4ea337c9b3ab3e86dde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 230387cc13961d1848d55945b40b3b5c
SHA1 3434acc8fe47b3d88a5034412c4c58aca6e81395
SHA256 534629045a17f59983a9fe791b2d54cbf35239bad81380b24136107cbf08b526
SHA512 597d1b528184d958d1ca510ea1dca8a35e90027e327ce1527bfd3ae61401d966cc9887528d0ed1ef70a10392bb9833264b629968e2b8b7e32971403c03ed3859

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8ed2947b75a16bd523cee0dbe2f8ff40
SHA1 3f2fc6fcb63e70d713448d8d91e6af28efe8688b
SHA256 6130f8e553049d9ffc7c6386a9d9288f3cf960855c8a5da57310966d41575f25
SHA512 a1ecdbd342ca78a7c2136dd39c4050155dd1ff397d2e83458b1b8ac892ce7b59826808b2ac0164a0e2085d8c75ec5f16ec88acc2cdc8dfa979e46fc38a3985ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 582f5cc76406f37c875d64d45c9f7cfb
SHA1 7435e6e53095e6da2469358239c657fd18cfac62
SHA256 b7eb762c337b6116869f3e61cbe5625ac66605e66c6e5be1f2c4ca0451dd1ea4
SHA512 e356e5ccfa82055781b7dd1658a6e8dfa4d24ced665b8e7934d601022f8ee3358d9548f5e4af28343ba0d2f2ef0bffc23d11f7654473d2d454c97f5aff3a70c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4a712b88f32bdec5dd972e8757fc0c91
SHA1 70c7b2f972834c523a3e8cf4d656949a7b19a02b
SHA256 6bfe792769ab4c901e942e3793b00e135001e1d07dab6d5077bbc859c51e22ee
SHA512 48541733843ab48b530d24dba0bc8d15da81dc028ae93ad291777903e546ce2f385d0d4340aebfbc749bffe978733ebfe9eed0c8ccddd13029cbe13ea8aeb57a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5d02755299d9f7cc1a522fcde1d5e535
SHA1 b618b4ca4d76b527494d6059ed749e0f027add63
SHA256 614861a28aa682567b49a2253c8a7b1687f5055316b223cb908a7c7fd66fa868
SHA512 88f3891cd77615d21c9264f7af64ae1d9249cf060354688dc2ec4e7e3e46654d5d838d60ea42d519ad8619891e007d4f5be0395264bbb41cf053617b907a3a34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9ba9936d4e4ae6903ab6499a60f31f7e
SHA1 be043aff7467ca3e0af75264ea5719a6d5353183
SHA256 f0e16317b1b82f248ddfb3697c7da42d6bc8d23ebb7f0810f61b1f00ae717e3f
SHA512 2513b96d1ed28a8bd0eda6b31df1ef48c9abf6c1eba1db7dd28223f5721cf9136b211dc1e95f2be7cbc431f9a92e4caccf9832031e867b48a8aa008a140661c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e5557ee731740c2ff42ee96b630ee6c0
SHA1 d041a93316b62b9b4683ca8fcdee2a61c2493ac4
SHA256 c69e942f7f152184b59c5593154f50bb086c685d15d07c6963bc22646a5bb9bc
SHA512 cb7962826dcc5fe71e6a5d72ec6f87078da3e216f65136a16bf64aeb91e97f69ab30e9cf7f539ad447e67c735aefb1f3dd6c47ca745d5bf4f201bddb88de484c

C:\Users\Admin\Downloads\Antivirus 2010.zip

MD5 1876b2d886ec392d71f37423dfef0c11
SHA1 af78db6206cada4f780f030d45fcaa881f892a99
SHA256 61ff034c476d4060fbea6debc5f84494cf02f337a9a897ddb6b3eb3a28c16406
SHA512 9070d1c35ddc045c7d5aa7938d231d139437c0b363c72a71d1edf3b77ea40484869c92e3dc9b021c2897d224d3f2b6bcf64b4dcf44149da9d6cc15d4dfa9951e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2da14b0650ab7cc61593fda787121088
SHA1 b47d75a5961ca9e44e80f9d8d620c5a8f8d60b38
SHA256 b924a58cd07be27edd98b77037f7c49469318c4ef281811346f48268ba653181
SHA512 3a835b309997541fb91e247ead1356be6beadc7650ee5df95b8942cbd81c2db1adad6b667cb0c769c1053ac58175501dc8f7ff965dbd3b333ce758da270bd5d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8866d6d863e29078beaaa9649d7b6415
SHA1 62acc72e5a1b8652d5dbe2e0d8460e788308af93
SHA256 b429cf65ae101fcf01afae1cd62c8ae4b224c85e82611a1a431cc0644fdc4732
SHA512 3e2f7d03d18d88bd28be13defa5210ff6a99db44a589616af1e0e966f14ef86538663c5aaa886122a7dffb8e031615ddfdcb93e95e72500d86271aa03131e42c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f02d76a290cdb2dffcddebe66eb3133f
SHA1 bf8ef1c94f09bf6b1377951a5fad56139974e268
SHA256 ed8c8f2f790948d5e38e41cb897e53878fdd8a3c2247490e6856bfcd7ae79078
SHA512 ff86ffc8ac05eb89b53b309b4720914f3a9eba8d92577d0c885c2b5fa65a1ec7ae5b0f34bf8b6dff0932788f05e6b9e526597a4c2f8911bbd0e88ffce091697e

memory/4044-529-0x0000000000400000-0x000000000049B000-memory.dmp

memory/4044-530-0x0000000000400000-0x00000000004C4400-memory.dmp

C:\Windows\System32\usеrinit.exe

MD5 4acd14244d2cd76d06939163127cfb10
SHA1 75f3e3c764f7d20c9950f5410f753f3210bcc2e7
SHA256 29b5b65a1cdf119ac7c6c9df76c6843b25a81bd00aa5a5e995ec675e34bf1acb
SHA512 001504da15c1825102479ba379b0be7ec15e779626d450d9d763552d7e1ac71f5bb86110f9361363bd401aabc53cdfd2d554480aec8bef85ed8c7b03cebf4031

\systemroot\system32\mseeeeee.dll

MD5 8736c2a37ff0adf6f03d94bb34d1f784
SHA1 e4867b136e100c9d45f6adea593c9a636134f308
SHA256 dbe318e7c72f9558f836c920510a5245ae5af29996b62f661399ce3724458ec3
SHA512 2bbb22540e6ae0ebdd7c5303f67fb3911025a9f8f68c1c192edf5247a66bff885e292dded093d4522488b9a98f5bb00f24b00374e8eeb219184faacc95818848

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fc2df9a42051a79e9a123349849da18f
SHA1 0c7a58a371c208111f5f585051c66ced721e300c
SHA256 43e2ec7335a20a74478f5af6bdd374a9496f0c77afa4224e0d74fe082a8cf3a4
SHA512 a3796b4702b69b8586c8834e3cf9aafef43682e96d91a8e151d6cceb5d59de85b2f4faba9aed282aec36a5562bd5e823f4c8d484937b3494772f783f137e0ff4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d125e5a8149150bf3321e884ee437f5b
SHA1 f39d21ec8ea83988cc6bd9510065a39d3b837d2b
SHA256 fecc956c2cfe13f91db8f827cbfcd519045ca864a8b6998ef4a76ef0ae41fd5a
SHA512 2de80ebfd441df74c4f28a974c3ea61001cea29675fa81ea7c40c6ced2d1ef29996872e8ccdea57bc10978c2b9e108de64deefcb648c5467da56c55f1d90d3e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 64c6ff7ad2e622540c44ea1bbd7b254b
SHA1 239f87a7786dab83d42bf8825861f4ba48eeb92b
SHA256 83a6e5e77d7faa536560f8be4c985381f5036527541180c0659039082c6ddb01
SHA512 8c324112cf1275787b4d932f9c2e5e44bb852292e607a1344042aa34016fdfa3b7093a2f620f087c0fad5abb620b4aaf08df2bc717e5b6c46bbe43445972bb08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 65909cce05bf2a0de8db6535e3bec63c
SHA1 4abf2779bca55e1427d84bdd5043a5050e989878
SHA256 78fd37da2888175890d37ff2b9733b3ccc0132ef2445d58304e99c707f3a1f3f
SHA512 eafae25efa6bbebbd2764e22f90f31b542e713572558f7b8e30d289366a4e1a050161abbeed1e216fd8ecf7556addbf2c5fae32cf6db45984a78c86f66602702

C:\Users\Admin\Downloads\UserOverflow.zip

MD5 e63eb8701abeafc17e18807f996a2c4b
SHA1 e11387f6c188416f43e1a72f4ffdd759f4e43e54
SHA256 7eafd43c18f9613d762567cb5e00d58df71208d6b94c23d634daec42170e0d6c
SHA512 d996ea9566a588bb30fbaeb38435026804b80770a22a1438589e86e47f13ef07187538a105613bfc907bf9a6a377805f69d9e9de071e7ae57aeb11d4ac98a136

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c1922a299eeed6ccc4b24881a21fab9f
SHA1 9554bed600765c11460c6ec1bc0a1a07e32dab51
SHA256 97c30ffc6bf7337f78ebbcb3de6a6be525522b921fea99d6d646f6a61b8b466e
SHA512 3554aa8d240828edc9b9202c18f3cb27af67918f09211aec6f46252a3a3878adb835a1fe2c8cb174c1660add9f21434f69118c67e0118b21992d07cdda2d0f32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 47af3f03415742ff5cda32e3df91a78b
SHA1 118368dd9b03712af34737815c073cd7dd016a08
SHA256 2a860647d5f9e9618b5bac2020150124ee55a2188352feec78840b9f62b05191
SHA512 389f7b4931042b09dcf37a088cd1e632305904c1b768ef564461286c3984ffc41e04315e82af43b2ca12d1ea235480c59658daacbc96c3bce7def68c8bbcedf1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b7b36e2ead8213219a02f847640606f5
SHA1 7ec347e8a18cfa0ce4055d3504d660384e97e263
SHA256 f39c4392b71744725472913653c2e17deabd4860aeed793c83dc4c408d713f17
SHA512 854ceab74e7048d027c9c72f88da843f9e1f8d64c1a3146ed7224239a7ba1aaf45cc6711937a66e8083e97db87f6b8cb36fde3f6f035b0291f29290771f38aea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 def919db6680426b5e1c75014d04f554
SHA1 6b3d7e310b9dc0d766c82270a43bd77abbc8c3b4
SHA256 6a34cd2d5af93f1b7b62b96673b938a73e93882a4d4ce306b411c41986bd37f7
SHA512 271cbd56137ef61af349c831a242a29605a4a939251058cea4acd5fd073e7f544dfb51ddc754e588d2a3b778f7a73f3f50b039ea5769f46dd5eae3b729f1a91b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 36cc8ddf01b6bea577fa88f8cbd1b45a
SHA1 961af1850fdf34b03030d09a2b77889613dd52a5
SHA256 aed00f26131fab0a9c7dde324de8776cdd0ca3578ce1f7c394662680f6700476
SHA512 e616ce5d3a8564dbb49fbb578974f89dd609e2324b812e74537f1a063e676433004fbfa61d61b1323e37bf2dadaa2a14b4b6e4c535f66923036fb078d48c2b6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9d4f0fe4b6e1aae19680a2139fe62d2a
SHA1 5fd9b40b6861df31853e04922eac167d2d34bc55
SHA256 5f5e43e0cc31a0909902f3f259a72fd705e707d25bcb105119586bed0b6e5995
SHA512 42dd795781508f15139e10e7cfef9a815f8ad18e50a11d8b35e15d40cefb0b172e6f61691154e24a967e53a16a37bc2bbbf9eb648ef282dfd9626384e38f5e93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8a79ecf70b53ecd7c2c7c3cce7a12869
SHA1 b37779eaf6c3d2a0fb9153e427feb7052f73eb7a
SHA256 340aa25f0aba95e696806236af89a474d0de44226232e49246e899c2011ce55f
SHA512 9923647ed420ab46e35b3281363f9128f5d77ce96abf51ec1ed0d6a741a495cc81d213b16df49d14a8d1933e93693b6463a9195d4d6644b1e957ea740f8cc4ee

C:\Users\Admin\Downloads\TaskILL.zip

MD5 f3f982622520af32cc86d3a22f352af0
SHA1 99b7c8a8afa3cfc7292893d7b2253a581249d9d4
SHA256 653b5c625dc6f24dcab5aaf33e77fd3c994f4783884c21d0a71b5c1fefbeb4e1
SHA512 27482f0293b88c1a31dd1132401b4df19d3636f1a31f2b607ccf9a28dde0165381d65d9d0c492ab6c300bd1da0aac9e8df8c7cb3394cea35c90ce1a544a0576e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 75c6c2ec3907c3aa37360aaf1616250b
SHA1 2a0d00dd52b7f0345d4871116f5e729878b0ddee
SHA256 1a8a4c751ed7cda40ad72859985091ce4275f1128ce7d5b205866c0905e6ec0f
SHA512 6d494b33b0b779303c1da24181651577231174c31aac21775279e92b860501c29cd6100d9a530d93472301d91c65f66351ab1eab41530446f143d56679e37508

memory/2312-673-0x0000000000310000-0x000000000031E000-memory.dmp