Malware Analysis Report

2024-09-11 06:04

Sample ID 240523-zgd99afe8s
Target https://github.com/MalwareStudio
Tags: bootkit discovery evasion exploit persistence
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://github.com/MalwareStudio was found to be: Known bad.

Malicious Activity Summary

bootkit discovery evasion exploit persistence

Modifies WinLogon for persistence

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Possible privilege escalation attempt

Modifies file permissions

Executes dropped EXE

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported: 2024-05-23 20:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-23 20:41

Reported: 2024-05-23 20:57

Platform: win10-20240404-en

Max time kernel: 928s

Max time network: 922s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/MalwareStudio

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "satan" C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A

Disables Task Manager via registry modification

evasion

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Temp\rainbow_snd.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\clutterus_ico.ico C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\crossHD_small.ico C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\invert_snd.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\static_color.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\wind_short.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\mirror_snd.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\wind_edit.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\wind_snd.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\crossHD_medium.ico C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\plg.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\stretch.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\tunnel.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609704755665779" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1768 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 504 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 504 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1768 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/MalwareStudio

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffff55f9758,0x7ffff55f9768,0x7ffff55f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=692 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5760 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5848 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5940 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4692 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6136 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2968 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2940 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5476 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x39c

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5332 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2476 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=1764 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5544 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6036 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6312 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4760 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6760 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6836 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=948 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6984 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6872 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6844 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5704 --field-trial-handle=1784,i,16157522797784251555,5241025366094063347,131072 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap24003:120:7zEvent16583

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap8817:120:7zEvent15738

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap1103:120:7zEvent456

C:\Users\Admin\Downloads\Clutt6.6.6.exe

"C:\Users\Admin\Downloads\Clutt6.6.6.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "%username%:F" && takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant "%username%:F" && takeown /f C:\Windows\System32\Boot && icacls C:\Windows\System32\Boot /grant "%username%:F" && exit

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32 /grant "Admin:F"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\drivers

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\drivers /grant "Admin:F"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Boot

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Boot /grant "Admin:F"

Network


Files

SHA512 6f98c2ba67e951960cdd6ef69826c7f1cd115912384dc033ed6793c4369a823b539a4c4b6a1893c05f1c3e7cf44911221e5b098669d5746cfbfba25c93912361

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c33a13b5f0c04f1b82228852514b5116
SHA1 31e34a8f9dc0374436eef0dd70ebd970c92a105d
SHA256 67e1acb1f759296f5b7aff6a47d9194a0772f7291055c9f6956e1af6494d95d8
SHA512 0825aa23409c0249a38e22ac08c73588ecdcd26ff826a6c8ab2a918e11eab35f91321434465fb6999d30204bcabb6bb2cdc9d803e3819d3d4b66c037a7cb3612

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo

MD5 81f53eae8f4b48207238e7e8af7ee470
SHA1 b7bc98461358f99b07651ef50c4f6c783168178a
SHA256 6345279fcb0d69a5fc8b2a9eeb99f0961a9008cfee08d59304c1cc7525192e0d
SHA512 a92f6fbb51d03b49455b454346fd39b4e90b1360d29c4131404da67934330bd19d0f3a88868bb00ad2740df1605bc6573df00620b9964fc6c14933a640ad13e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 7626aade5004330bfb65f1e1f790df0c
SHA1 97dca3e04f19cfe55b010c13f10a81ffe8b8374b
SHA256 cdeaef4fa58a99edcdd3c26ced28e6d512704d3a326a03a61d072d3a287fd60e
SHA512 f7b1b34430546788a7451e723a78186c4738b3906cb2bca2a6ae94b1a70f9f863b2bfa7947cc897dfb88b6a3fe98030aa58101f5f656812ff10837e7585e3f74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 5ce7bdeeea547dc5e395554f1de0b179
SHA1 3dba53fa4da7c828a468d17abc09b265b664078a
SHA256 675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9
SHA512 0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 c79c39bea37d88933c87588512ad60b5
SHA1 8d8eaf28658da1ad1ec7c0571a34370c6604f522
SHA256 585b3652f052a311f2018396086050214784cb8c60b7020020d7671ada2b6898
SHA512 1ecc5871bb6de26ebf83a842266fb5781eb4b5b40bc9f9d061bb1433f4ed2aab42817c004f6192baeafa12739bb153209d3d203d6d3faa3c33dc444987a924f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 31ef76c8ef1cf63e50b3a1e4fd847f3f
SHA1 8d4a937f024fd1761b85a543e77b164ff9981bb4
SHA256 0dc827da243538ec34f0dbd2220c8226ff572ac957b2d2456bb7b175a144d44f
SHA512 38fa3c10aea140b565e2d66446714d89641a9f7253f452401ec161fb07174963f40313f3369b33adf46dcef9db8d18af554e2818e10bd2ce6c8e60e8766aa80f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ebc10333ea405fcddf867cd216f40f6a
SHA1 50ab878c617dc94ca7fe8b8b5b126075e78ad2aa
SHA256 4899c6650f9b67177455d2db19850a1f7222b5004599a6f83c07f5a1d4548ac9
SHA512 88f874a3dafd42d57ec0c44b9cf71731951702f175500cba548fdb32d15116262170eecbfdd95fd5d5531e548cb1fbe7567ea25514647812faf219cac0d03e9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

MD5 a9e3fb762c47e862c2145586538143ee
SHA1 aa45d7148cf3e80721379bbc3a110b157cbd0878
SHA256 11462f198c361948c45042c36260fa02f65c2bfaa07278a54701129e25cf15c1
SHA512 1978bcc7131b1976b137238a29eb6325ea6d3a2724186d60b45c61ffec34d2c5de654a88479990a5813d37b8b3b0bd63b16959d943e1695f9e978e83a56751b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

MD5 035c7e77f13460b0fe40d0580b519d4a
SHA1 16ff03f515b0d5ec0e9ae88f3c0ebafead971f66
SHA256 568cc685a21702bd295d67dd6d9a21fab090d3784a13230554fcb6f6cec97e06
SHA512 c337aaae44f9135e8b6d93fe7953aa45ea1fb8cfac76ecbe2c5a693bf88294a7b7216451fabfbfa02e6182b409d0c4ad5d9ece7f67a8031d984b243af362e01e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000076

MD5 c629cc7095807e38474005973a8d6ab6
SHA1 caec724af1dd5e304fc1aa75511a4c5e2f1586c1
SHA256 26fdeec313a34c5000cd9b9b50f4905b02d35fc39cc94b1146c92522a1afdcc5
SHA512 3d9e9c351cbeb9ae7234af8514e232d3287e28742fd7afd10df89e917b6ecb4072b9ea814737d4345df2634ee40d16baaaa1c6fd620eed0e1de61732cf4e250a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000099

MD5 5003918cec8ffcabfa9b66ecbc09c301
SHA1 abb52251b4a75a6d889c66d667c13b83a24b35d4
SHA256 c1dc17439c9530ae9176a0a011ece60e9fb2313ec342e32ea4e810b23ccbe2ca
SHA512 63f8106c12f07474e31bd4bf490ab48325a5e8ce0571be4887640a9df0409bf9528ad4c11765fdae836826078c8dd01a16f2ddce0cbc2a1a6cc0df5c80f9a3e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b57bc39ff6b647a9aedc6590c52ebc28
SHA1 53adb81066067a8be79760ae38e17c4258684910
SHA256 38c417f42b990224d2035e15abe030772e6af8b70683816746c68291389a3570
SHA512 a61cee95ca2f3ad70cdd2e35813c2ab2e47cde6b6115d1b4f85136a888bb9931807bbd7cb1cc1090ac55808e70b265d7596a01a234f9c26a13ba39fab5950490

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009a

MD5 45241ba820311ce08871c443321f22bc
SHA1 c5787e32bdabc21f106dae31f17600203a9ad57b
SHA256 9eb69a6ec0c4c1bbea1ffa60dd85c86936905f8bca057729db8f9d34c099c566
SHA512 2825003c3c2debf2d0fc47a7f90c47bd56a65734c2823b6b6dff282b2f68c3646faaaa1ec7b6a566eaa4bdb3a7d2fe736b185a539a20667853d3ec8b5857ad77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c5406f4e0ddbb0cc105eaca5fc81d174
SHA1 97a985dcd1183dd4c1c833829ad2dd61dbd91f32
SHA256 03e90bbbdd029d8a52f856f6da1fa79c0d73db6142b0387b1d9796360a07ac1c
SHA512 ea8850a2ffe8971507a89c60d2a97a9c70fa442d47d13fecf419ae489f8a046b153654961fe94d6486a62bc575326464482502ce3aad2cdaabdd88aa57239b65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e4

MD5 61e40b816e0522cdb3e4a0616e385e82
SHA1 08ab9a2704993ae668846512aaa24ddb35edd40e
SHA256 73612dc934179f96b5da8e0597d418fb0539523041f02cbd15eb8b5a09569069
SHA512 ad6f800491566bca045ccd32b4ac5f17f984802be0ca497be8f5b66a26660c733b481eaee6b692cff2e68c8f5e947c6e87210ef305ad2da9fac44aca30b4c60f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ca

MD5 df600b8e2923bfdea7ea4b4f26be01b8
SHA1 409c931d09fed74ed0e9c0ded176f8f15829fdb8
SHA256 99b7e902e1ccf4e384491f8538edfe76ba8fc608cb55cd7e1db5c1f7fb64bbb1
SHA512 17b8e2dfbc5b95d5ecb2ec53e560bfa46a3f5947afb21c8820d86d4b3049e506b53e57c7af6f8e77838f15aa8b6c1a7c21d68fb8cb0a7d513b08f7e7ff0a3252

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b9

MD5 87a7269609950e2d9b4a7aed159d116f
SHA1 a1d470cedc7a5291c3ad25f8d3e188a5655e5031
SHA256 7170e47a1701d86256a83c05b0b09cae60bd0a0365127aa0821b01ea0af28d62
SHA512 359f535bc4685d51814ddac8974e6dd272e66f5898e9a5a9d955fb4ac38ab7869c13381c53186e80639b94caf61151a025342c52e6cfe715a9a8664f33b4270f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ab00e576b89a7c423d17ce8d72b0e915
SHA1 121d32eba7ef07da944b77f58da65901233d1798
SHA256 fef5963a8a76bb41ac88d6680b8e072723f13654bbbb35b77003b0acd613a173
SHA512 76c162ac814de56e03d3cca1e1b8da460ce16c7c7264e1a6fc7f89c219decdbfbf3deedfd043afffd1e857266f1bf33b2f2061710ff4ba79bfcca1b398800472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 0be54ac27d8c65cc86df523928c4a05c
SHA1 ef223c079dab8a6ab8e28994e07d673004c5d031
SHA256 7420f12d0f008e7afa4c1ef25a62f1adb2ac6ddbf25780db6b85441af7a3e34b
SHA512 dd94fda33b1ad21f3f89db26a42727932f5eac2d77275e7cea2652a0d8e3e07430f61c57efe343dfb239ea4f19613919c54d631fdd1f22bb52464a4e367054f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d49e02f6ec70d967_0

MD5 74433b3db31aad8d5c34507ad23bdfd2
SHA1 7af0c4d6fef969d060a9459e8146a56c3227f3fd
SHA256 225df193e9f553e6f118ca03912dd8f44b9a487b566a3a8ebe8aa676ff9aea06
SHA512 a828d8073a2735ac546c0c3a5140c652ce90e700ea4f9c485763e5636b27908251c3fdcbc46c51b6d08184ede05655404c67f058329362d16076d0419e34917d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1b611d5b6419d18b_0

MD5 344479ae8c41beef0fe36fa6fb3dd737
SHA1 73887bb67a31b8d67635d883c3a7aeca5b2b58ee
SHA256 c698d20ad2721bdc84430fdd92db7990225e1e614618da402100101d8c817a3e
SHA512 d2d74eba260b732f4ee3fcf24bdbd4940bef1145320913f4acdf9ff26f11a9f086075aab0e887c770f520256a09fd0f41be8477ca3e862fe79474d86688e0ee4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\261835c96c9aebcf_0

MD5 04d7d36b50e67e0b2db2db7ec874c46c
SHA1 cfe94434640e43cd120a3dbb27adf2caef8c850a
SHA256 de93ce00f956be72bb6a54ff260d78b1317161e568abb15d73d908a4899351e1
SHA512 aa951aa55e8b62df79d6ce01622a7ca1c2328a6bd63f82b1ec7f492b4e028ab2b54b87f343b5f0c167689f233ba12890a46cb5084dedb453e873687258cc12dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d9418e13d9926704_0

MD5 0b2ba752fa93cf17aaefe8fc7e5e825d
SHA1 082a26befc282d66e53ce893be8426bb0c71e3e4
SHA256 15128e09ff7682faca1ce60dad8e5eba46e99c86a9ac60761132a36af7a321ef
SHA512 63966a2c12d1db4afbbd3231a3e32c465b403b72884832b8b4e7f5477acc95738074aa7840a2193311b42ae691e85b19705f592169724ef7b0ddd0761610c70b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 d6c431c0b7d4411937f502a1cf5946b7
SHA1 a741237cf30fb7b63dc611e3cb1367a863b58f36
SHA256 21bad4db07fd4c3d5a9dd0e54643fe4cecbe29af1f18164047c1f9553ab057d9
SHA512 65eb6c74e35e1e3fd8d85a3ee570e8a5712dfe4c6315e91b56071ecc1855698923ddf001123ffdc927bab066c4e1c896cfc8fa9a2ee51ac0e48484a29bc53100

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d29e1.TMP

MD5 e2b9c99261dea048b99653d2584efcde
SHA1 dcb5681ccb726eb17f922d6ffad125aaec2a7494
SHA256 5b76277ce39754c5a7846539fe78112faa152576cde5e968d2e723c46f7123f1
SHA512 a57a2bd9608d06b43baf34926a894f667648e44158f767666f2f1bfe3e324253ca3b103ce39797f086bcac0e7dd5a8d37dd4689a8af56cb092232c480f2b8de6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fb59dbd66f7702084489bf2d4cb7c92d
SHA1 284f157126829c728da449399321b3030d52a342
SHA256 705078e2a00e627243d49d313a7dc2d7b3182ff59ad0d47027f5e28e7848ca29
SHA512 14f3627f43c3aab97e894e35396146b80f214426d592c61b2ed6b9d52bc8ab87b737b84038ec8e048171652530422dc5eb287b282f3626e89eaa63f966d74f4f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b273f43ffde184f4aaa7ee813c7a7db9
SHA1 5e279961ada7ed508d4623b217f845dd950ad9bd
SHA256 e022d3b66a3e3d3ba2f39ddd419becb8bf2c26798ace99cad7851e0bdb108dba
SHA512 e2a333b4c5cd04923adc229777b60a48ee1a296b4c00ac6403fee29e1449a8f81eb2b95c0da6fd15b41b4e4afe8a8e3518088ba67e5f37de5fb434bcdaf22209

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 6738006d59d9d78a7b7cd123e7efa034
SHA1 b6c5886e205879fd72044a44327ed8cbde3df9cd
SHA256 fec6ef59605a2bebebad39acea47a037c77657f0414c42b3a79fb33c3b2667ac
SHA512 62e14aa7f4e3a469598868f46ff71ee6ade79bb10c54ab74802e417da60ef7e7344d6e4e7d6a8d05e426b766860652b5b370379c779f60e73fbaaa58967986a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 b572d3d73cfff9bc2a235a6af165ad57
SHA1 747b25c56042e6c56b99a95a6ec47327437bdb22
SHA256 e59d12bad6148283486cbfb3b5a4e9dfbe75ca9cc803333423677b32ee2e5da5
SHA512 767d876e3a467e261166ad9edb005fb484c6537216d93062c0d55761371e74dffca40cdfeeb627cdf9486efed908e13fa8e12a4539bb14eeb7dc998eb52c91fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

MD5 747af32042b53b3c49568cc0e820d2cc
SHA1 a8694494858aa1161f3f59c2649e9476c8a27d88
SHA256 c0edb3b60ad3073575d19883a6422089e18ad468b9baa553be21c61307d7514f
SHA512 1a572e8913b775788770f734acaa29b80703ca172c7eb945ce224c7e7e9357a93e64dd73d8375bdc65d556e08c443612490a97ae7378ee7d9e812df58f606a24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 858df1bf3670baed703964050b87ca7e
SHA1 da082a48b6ce397b1aac3eaeb1b53f1dd93312fa
SHA256 a4f562a8132cd64dad788c1d7a1e90e7e0eb5da90f493e0b340b5a17c988c4bf
SHA512 f42f7f25b3135fbb1e81b205970d77032f4a4d4feb6a537ff7e56aff917b6bbcf14ed60144a9dcb2e574262c2609ceefa88f5a117e1ae3766730a5f727de09a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6a3bbcf802f4640a1b68dde3be714424
SHA1 3a50b9c660f4264f174a4d91b7374fca4fd22d1d
SHA256 00c39c6b1dcba46b5a4b1f43ad9b67da2e763b542027060fbc299a9cf2ec0612
SHA512 20555ab0c097926bc112aa505f181d5ffb7fc2a64884ac96a88f6542d90d3fcf2a467a885955ee3cb72bb18ecc3b0425bf5ce9ae50d80b917688d40f0b00f3af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5f41cd2c8c6499da6d80f4696e9df7d2
SHA1 9113663200b0e7d07b9f955c081993e12d3a9cf7
SHA256 b044d7f7860e172e7ad4514eb74af0874f36f2bbcc372fab9d6ff119c6ea2cde
SHA512 9b37b2ed7152f82a6ec313ca534398563a9b7aa4c3a3148e5ec383b3c0892270b2663ba39750a95bee028121be89cc4ba4def616f6b814c49edb1125ac57510e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_turbowarp.org_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e5ade5322e72ed5f3314b58858915598
SHA1 26816b2aa1e0d72370449dcedf6cbf87f1b5cd2e
SHA256 3dc477bcc772d5f1c16a9648596d2dc515ece55fd8170f50a0806db7cfd147e5
SHA512 ba6ccdaf77423001e9677cfe302ab4fc3021de7a069f91f5029731a33a6fdec269cf50a48b934c7efb58e2bc59a19134d286d1143368ea4b07a98d1aeb599c9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c89197e85afdc27f766c7b7554f409c3
SHA1 1ac64a36cf5df12149ecbdb696fa7dcc53408394
SHA256 00bb35d0581ae912f10c541dc56b4d5f75a9c4487f48920536fc4378c64978a8
SHA512 2acb477fc1bcea39313b123cb154dad2ce156296d98e1e5cdd33ba7ca9b81a6ed1dc350a268f7b306786176921977e40f5ffd191190429c1761070a8e1d9f4a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00013f

MD5 b36358e41d46f37a11c4fbf23b7fe7ba
SHA1 4a48d0d04c5ec8c3f1a9ca134a15a9e76288a8ad
SHA256 8d6b35190ff8a64034d12c38c40cddbc2b9690cebb717c67d483694c2c1709da
SHA512 dbba2e8859266d049eff8dcd074c657b7046fd5ed2bd5db068a9022358bf6557b789c302de4720a69b7aa8dd7b4010edba2e89626da171978cac8faf99c0f3de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 032caf7b2b31646ae978b4b4d67453f2
SHA1 24a831467cd6d79314d9e70cefedc3b688955fbc
SHA256 6cc90386d772c6e34d1937985b39a206dfc5e00118d0628d24264062ae281887
SHA512 4bee552e874b49cd7ea50aa9310dbb00dc7f3befe51eb5a645a40f2192ead497fb1f4358e6d41a15f15f774d699d217bebb4e922537ee62072b2f831d4171a8c

C:\Users\Admin\Downloads\clutt6.6.6 - by CYBER SOLDIER.rar

MD5 60fda8c078bd2c6c8be5246d493afec6
SHA1 339675682e1a9ac2008d5bafd9b49cd3167998dd
SHA256 72d36858e676360cd470943c3a22110324df8e4571c166dc823b09dbefb4017c
SHA512 87298877d1c4fadebd0bf40dd774619f9718eeba4b536dc9eee2abb5bc1809501798152139c47b3db204af119cc52904814c689484b400a00e1ad6e69a58aa00

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d33c6010b7dc2d8229dbe3868d678290
SHA1 3336fca7231a327615fed1ffef406afc0a99043b
SHA256 cbf0ecf5d67d2e7c1a9191826385d3ea7ecfad159a3ad57c7e35f08c4e882208
SHA512 757a3823f327e1e719edfd506addfd1e8195cf871c1782aecb0d9e0b47315c33c805cfbb397de32ff7ff29617bf3822ac124680456fd5e6a0446c58135a792d5

C:\Users\Admin\Downloads\Clutt6.6.6.exe

MD5 ebe2598356ddaa94e3c507a3bf3fbaaf
SHA1 12fbb71303fbad2d1d6b644d67f3d895ed417ea2
SHA256 bce721a6081d418d0e00bce7dfb5a6b957767b0138690f7e5d642181556b8296
SHA512 e541c1e25c081530b7102445d57c70ceaabb3a719ac895b1322305d3b2e0c6d8cd42dbb231285473a48c8221d94cfd3f9aab431a2aaaf551b55b060d83f87552

memory/512-2296-0x0000000000840000-0x0000000000CD0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fb6319ec94cdb3f3a0a6af1d14f04557
SHA1 de3ac4391ded60a5a73ab28a2f63caa098e673f8
SHA256 56e5c72f139308bb9d90841a9081ff3632baa46951fc905f985a0101f74ead2f
SHA512 b19ced38b428151098b2a0fce92354046ade2374d4497dd42a4772ca83453274017633fd46d174c4eb7f7d06239b2daea0875509e94eebe82be4ddafb1800d51