Malware Analysis Report

2025-01-22 09:04

Sample ID 240509-p91nvaag8v
Target https://download.tt2dd.com/
Tags
redline stealc vidar rajab discovery evasion infostealer spyware stealer trojan
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://download.tt2dd.com/ was found to be: Known bad.

Malicious Activity Summary

Detect Vidar Stealer

Stealc

Vidar

RedLine

Suspicious use of NtCreateUserProcessOtherParentProcess

RedLine payload

Reads user/profile data of web browsers

Executes dropped EXE

Drops startup file

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks whether UAC is enabled

Checks installed software on the system

Program crash

Enumerates physical storage devices

Uses Volume Shadow Copy WMI provider

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Enumerates processes with tasklist

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

Modifies system certificate store

Suspicious use of SendNotifyMessage

Runs ping.exe

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Uses Volume Shadow Copy service COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 13:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 13:02

Reported

2024-05-09 13:05

Platform

win10-20240404-ja

Max time kernel

150s

Max time network

152s

Command Line

C:\Windows\Explorer.EXE

Signatures

Detect Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Stealc

stealer stealc

Vidar

stealer vidar

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url C:\Windows\SysWOW64\cmd.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url C:\Windows\SysWOW64\cmd.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Crack.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Setup.exe N/A

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597333775792595" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55205415\RegAsm.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064\Blob = <certificate blob omitted> C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55205415\RegAsm.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\1151\Equivalent.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55205415\Announcement.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55205415\RegAsm.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\1151\Equivalent.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55205415\Announcement.pif N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\1151\Equivalent.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55205415\Announcement.pif N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 200 wrote to memory of 196 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 200 wrote to memory of 1260 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 200 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 200 wrote to memory of 1884 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.tt2dd.com/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffad1ec9758,0x7ffad1ec9768,0x7ffad1ec9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4708 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\" -spe -an -ai#7zMap24869:146:7zEvent13736

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\" -spe -an -ai#7zMap2856:228:7zEvent6800

C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Crack.exe

"C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Crack.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k move Broken Broken.cmd & Broken.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 1151

C:\Windows\SysWOW64\findstr.exe

findstr /V "BluesAlgeriaDefinedIntersection" Pressed

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Breakfast + Dinner + Steven 1151\Q

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\1151\Equivalent.pif

1151\Equivalent.pif 1151\Q

C:\Windows\SysWOW64\PING.EXE

ping -n 5 127.0.0.1

C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Setup.exe

"C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Setup.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k move Reprint Reprint.cmd & Reprint.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 55205415

C:\Windows\SysWOW64\findstr.exe

findstr /V "pastinvitationinformalimproving" Does

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Bikini + Relief + Fw + Maximize + Bases 55205415\q

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55205415\Announcement.pif

55205415\Announcement.pif 55205415\q

C:\Windows\SysWOW64\PING.EXE

ping -n 5 127.0.0.1

C:\Windows\SysWOW64\cmd.exe

cmd /k echo [InternetShortcut] > "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url" & echo URL="C:\Users\Admin\AppData\Local\CyberSphere Dynamics\LynxChat.js" >> "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url" & exit

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55205415\RegAsm.exe

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55205415\RegAsm.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 2364

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 2356

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 13:02

Reported

2024-05-09 13:07

Platform

win7-20240508-ja

Max time kernel

253s

Max time network

146s

Command Line

C:\Windows\Explorer.EXE

Signatures

Detect Vidar Stealer

stealer

RedLine

infostealer redline

RedLine payload

Stealc

stealer stealc

Vidar

stealer vidar

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url C:\Windows\SysWOW64\cmd.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Modifies system certificate store

evasion spyware trojan

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\1181\Equivalent.pif N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064\Blob = [blob omitted] C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\1181\Equivalent.pif N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = [blob omitted] C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\1181\Equivalent.pif N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\RegAsm.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064\Blob = [blob omitted] C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\RegAsm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\1181\Equivalent.pif N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\Announcement.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\1181\Equivalent.pif N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\RegAsm.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\Announcement.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\1181\Equivalent.pif N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\Announcement.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\1181\Equivalent.pif N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1492 wrote to memory of 2412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1492 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1492 wrote to memory of 1724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1492 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.tt2dd.com/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6579758,0x7fef6579768,0x7fef6579778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2236 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1372 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2848 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1796 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:8

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar.gz

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\" -spe -an -ai#7zMap5309:146:7zEvent20005

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\" -spe -an -ai#7zMap31036:228:7zEvent23439

C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Setup.exe

"C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Setup.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k move Reprint Reprint.cmd & Reprint.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 55206725

C:\Windows\SysWOW64\findstr.exe

findstr /V "pastinvitationinformalimproving" Does

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Bikini + Relief + Fw + Maximize + Bases 55206725\q

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\Announcement.pif

55206725\Announcement.pif 55206725\q

C:\Windows\SysWOW64\PING.EXE

ping -n 5 127.0.0.1

C:\Windows\SysWOW64\cmd.exe

cmd /k echo [InternetShortcut] > "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url" & echo URL="C:\Users\Admin\AppData\Local\CyberSphere Dynamics\LynxChat.js" >> "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url" & exit

C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Crack.exe

"C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Crack.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k move Broken Broken.cmd & Broken.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 1181

C:\Windows\SysWOW64\findstr.exe

findstr /V "BluesAlgeriaDefinedIntersection" Pressed

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Breakfast + Dinner + Steven 1181\Q

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\1181\Equivalent.pif

1181\Equivalent.pif 1181\Q

C:\Windows\SysWOW64\PING.EXE

ping -n 5 127.0.0.1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\RegAsm.exe

"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\RegAsm.exe"

Network


Files


memory/640-416-0x0000000003350000-0x0000000003597000-memory.dmp

memory/640-420-0x0000000003350000-0x0000000003597000-memory.dmp

memory/640-419-0x0000000003350000-0x0000000003597000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67a2f2ee4608ada69de6c1293c404c44
SHA1 3c8909fa9da93feb61343a8bb25c2970ea44ed0a
SHA256 48b9bccd5faa12160cbf6e15c5e31e3a8f9e084a9723045463707863f8ab3a54
SHA512 3d53ac4ef11ed315338ba9f0a018bf33273de690ebc0c4ea5c59fa553cd37ee694521dbbefb17813fb0093fb42abb6fa480949fdb18e3ea48c624059f8da35c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0b4fe4c0edf1a7a2549e44caf61a8445
SHA1 8295d4d20f2c08012ca1148779db343def4930ab
SHA256 0f393ff841b7742552b3fd2f819ab421e150713acd7b84c3c940ad1eca4acd72
SHA512 985dd95272befba98c2669d7584481453686e8a2cd95c0aa048685296c37fa01bb85cf0765461ce3762b051cf95430edc359f7334f3e0a7bab9d85c716a715f6

memory/2856-552-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/2856-553-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/2856-554-0x0000000140000000-0x00000001405E8000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 13:02

Reported

2024-05-09 13:07

Platform

win10v2004-20240508-ja

Max time kernel

247s

Max time network

247s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.tt2dd.com/

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597333800877944" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{F9A0DDAB-CE72-4113-BFF1-02B225EA690F} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2980 wrote to memory of 3388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.tt2dd.com/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5db7ab58,0x7ffa5db7ab68,0x7ffa5db7ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2220 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4284 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1612 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5116 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4772 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5612 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5608 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5136 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5732 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6108 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5680 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 download.tt2dd.com udp
US 108.178.44.242:443 download.tt2dd.com tcp
US 108.178.44.242:443 download.tt2dd.com udp
US 8.8.8.8:53 242.44.178.108.in-addr.arpa udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.178.89.13.in-addr.arpa udp
US 108.178.44.242:443 download.tt2dd.com udp
US 8.8.8.8:53 dhiqaragency.com udp
US 172.67.215.245:443 dhiqaragency.com tcp
US 8.8.8.8:53 245.215.67.172.in-addr.arpa udp
US 172.67.215.245:443 dhiqaragency.com udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 translate.google.com udp
GB 172.217.16.238:443 translate.google.com tcp
US 8.8.8.8:53 translate-pa.googleapis.com udp
GB 142.250.200.42:443 translate-pa.googleapis.com udp
GB 172.217.16.238:443 translate.google.com udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.180.22:443 i.ytimg.com tcp
US 8.8.8.8:53 22.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.187.225:443 yt3.ggpht.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
GB 142.250.187.225:443 yt3.ggpht.com tcp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 230.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 163.70.151.21:443 connect.facebook.net udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net udp
GB 163.70.151.35:443 www.facebook.com udp
US 172.67.215.245:80 dhiqaragency.com tcp
US 172.67.215.245:80 dhiqaragency.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp

Files

\??\pipe\crashpad_2980_DQKNCXILDTEXDAIF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5b4c6c4ded12f1059015b528c826ea90
SHA1 3c59e7a9d56148797211010d94d4ef8ec6117eb5
SHA256 a1b793bc2acabab06bedff3935536756ee3fa1eb5feb939992afd4318e006758
SHA512 3fe8751f870ec0b1258a1f325d92fd12b508255ec403a55b243853d8822de033fa818eea51678430abe65f3e53cc76765e16a7f5cd3feed79e731081cf724ba9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b1383c05c0eb90fb8c5dd0d0ed7c4813
SHA1 b939c88be68fe2eb2530d73d602372adfb6c1ca0
SHA256 9656fe07905312709c81a1bb0103defc57ce015333166308e512e102c64ee90b
SHA512 900fcc3104313708ea0181a28029aab7408452b9ae413da96e210bae0a4fdafe0e3669af8d796351817aa86ee4e4d98e4cbf25d0e756b6cb28c83ffffb063815

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b0368e04454b90b088cf13ad8dfd98f4
SHA1 bef778ff139a5bd3498def825b3329c3b054a52f
SHA256 ea3f68cbc0ab5b0488c2a184830f96cda2f787ddc6c3799a8d181e2dcd84db0e
SHA512 200a0518a25c07b2245fd0dd5f113f060fc2f6978567e2fc480864c7540e03429481b2a95e932819974100849c578d8eadbeaf51af8f78b39960d25b8efeab6f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7fe2ca073e4d91308396ac13892cdcea
SHA1 af2cfefffaee2dd9252f0991f45d0b90ab32a48f
SHA256 31590d9c7f3f21ae804e952b04d99141aeed24e87b2f1426b0d71d4dafcdbd72
SHA512 e34150a0bf02b995bb06b540cc127f344aa438a224bb142ace28006661ee9a69e19f8d1eeda508642d1b6cfac26457495fdad63bc7a8dab5fc69c72e022bcc58

C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar.gz.crdownload

MD5 712e95f9d0c5c7359aeaab697e099f9e
SHA1 9ff66a4d79e060d764093b70fe68949b62edf439
SHA256 d954514846c34e32e4cc7a29b840e4842a9dc7146c7daeb8ed454e301f52f7bf
SHA512 7582f4d0a001df350a0ae4da5e189388017c63345dc06e3c2656baa3e931688b4e8c0c127b107730f71dc3723e10ebf67fd1de17edac6fd29f15f23fed296b9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8d073dbb6d79f47faa95750b9576441b
SHA1 6b7935095cc67c8fcb5170d4b49591b07ab88768
SHA256 74bcc5e354105fc0381dadb2aa6f2c63498150f9ddd7163023ec55210e3ac5cb
SHA512 21dd0d81c35514b694c8723291be25c21adaa0cabb19c6d8fe9cd9549d3e57a00d8a1f3849f99abe836fd5abfe6783b61e49b70f1cca4bb1ea41aecfc204c7cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4264b58ce470cb841b6a5d8520d62193
SHA1 67bafceee127ffae254fc09d8d756df6ee2f95ad
SHA256 567c8db0ad4d69bdf423e2badc059a34b8a16d4de8b5a21c758488ba2367f57a
SHA512 47ddeb12079e938067233cd88a43d266278f937caab57edaa7e1bffbf7d9d36aba9f9d8a2c8b606b8585a336a2227ad5d93da122dac2fd8d4555cd9e42c47cc0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 91a5ec168882fbe5790563a7099cae78
SHA1 6d67eab4ca0ebcff0573771caa331b034e2dfac5
SHA256 8cb2a5267f4a16f272adf57b74235d2bea37a93d8dda011111d722a1684b22e1
SHA512 8eae5053fcd0970daec1a6a8d3d4dcba25788728f0ee8b611368ac4d5b9f327a08394dc1ba1d4c4b820f192be7a658cb7de3467b5b424a05b8cdff7437ff53bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 bf82c9ba8725df400c2fec0dfdeab68c
SHA1 48705805d13349668cbe359a02722b07b28bd5cf
SHA256 8e435c67a507e46095a7e0ca4f533f4dfbb9e8b8d9f0bb7149a08dbdbe2a28df
SHA512 aa99425c43be28bc41b58836f38881921cfb6e8dc9d6eb9d226b92809c2a47b422ed30004bad24815f9843598de23a7d7baca3eff45ff3af6769f850e64e1384

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a326b.TMP

MD5 cb26dfcf2b8a53b7a318f03b0b5a2e80
SHA1 e3e15496a2b28f06279687342f40a5b11c6e1f69
SHA256 552610507f02684937542d90fa0eb916f301860a7fbfa74f3104a84e6c778e65
SHA512 a4bd138051571c2050443977383e72ede63344169dee96bb6daf970877195e6ffbbac4a1d17cddab4ddc5b751be9cf0d5c8a3dc48da84429691b2dff15ed3103

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e3c8c1891b4d4099db8167877f0ba99b
SHA1 7fb6355e07865bd9a7b3450669bcdfbb06791dee
SHA256 f1734be6e93a161b829fd1fb2265810e948f4c22a4a12bf21960ff92b639fe44
SHA512 23f9f99f3d56f22f4d162da8a7843b7575c2646a347ca9ac207f44879bcadb5870a79511626561068020fcdcdaa08305fcd2f0028a81785bd747ad004fddc085

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4b51732e9ba723289445f228add535ce
SHA1 ff1a54ee2b587a6501355183131e7f0577eea25d
SHA256 8b6fb1b0f1214a6640518acff029913da1a64aaeb4a075e10786f3fc052c6eb5
SHA512 5657ddd79b031e9ca4f1de08888fffa867e97cc45202e1f0cf73c67dad4ac1e9a2b06c2702fde2c5dbf176eed94a9788f6dc5315af215308fab8eef3022bcdb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 34d5dffd3b44f46e1d3a34cc8f14fa1a
SHA1 99f604f67f17fa0c4cfe2cbc01ec201272e8aa1c
SHA256 0830e074758abecdaee7d6bca02a29cecf9ca3fb742199bc0daded77f1b92c65
SHA512 b1061988454346f884146337f64672a2cd0f303e8de0c324bf2da51c90defcec187f561d691aaf501702bdfa68d9eb1c29449ecb1c89f8d05fa40625bcc0a533

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a9b66.TMP

MD5 2c47aea4b71623f7b0af4815a988241d
SHA1 1d05244b1ad125a58dd2596227ddece2d3891fdb
SHA256 84d55ff1af748d85909d25f0f7d2a986e0310ad10da26d0e53c98c22d072644c
SHA512 f71334d5e0a63ee4472979291ec05d8d4987527b1ae69a4bb590d3dd2b550b7d9dc25c981f158d4d63be4934e3b187b1fb30fb91fbc84ccc4313d341358dae3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 61e739fc6df6dd2d8803140546c51901
SHA1 1680e5355112bfea03cfce714f5db2e278525ad4
SHA256 76ca425e9937f8f5c7494e67b8d697ad2b44c8ad538282da04f2fcb82dc28f97
SHA512 3a3dc3496117812d5627b0c7b0d218d48a3fddbde9bdb8ef1dd32a56bd43ff07e6b70224d9c608d358e4a8f84c09f548205c7df3ba08fe990b4036bfe504a8d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c9518e5abd2974b1b23d55ae7d0075fe
SHA1 01f610bcbfb4fb48f21d908927d8c4936ca3f780
SHA256 34ab64f0ff435be6a98d8d040e5b9c8ad71051d88f48357b6f6de7df089b5038
SHA512 b2469bc6696872f4800aadb5ff9ee2826e75db5610abaaa28fd87d348f28db68b1cd1bb10fe343683c3e18426b00c8fea84068ce7bcc21958853406cd3b66193

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b20132586c8c09ca9da997290ab8200d
SHA1 06acb22b04cc706d7cb650efb1cec16530651028
SHA256 84683c5281d3b68baf14fc1f1aa7b4c339cb26421f934afa8158ca7780c59832
SHA512 41efac37eeefc19d6e9d138fd13018183041a0fbdf2bce6fc3bfb6d70297463ae1f927cb432eb57b6acc6fd5cf6fe22436f9c958f01e291f5b6180227d1b174d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8fc6ad1741c82e275975fd65cf475b75
SHA1 776cbda55b646e628ff38fc291f78868e0848e57
SHA256 8c1719cee028b7c6f9e4d1b858cedc7b0f18371c85a85d3cdcca74e579b43030
SHA512 e0221ec4ff3c3bfaf8699ce630d46e8a69d161464455659810787409fd06de46beb5f24ea85b0ebaa30c5e617d05efb40e83f26969bb0a1ff82ea8f0c7723d16