Malware Analysis Report

2024-09-11 07:16

Sample ID 240528-ds446adh62
Target https://github.com/MalwareStudio
Tags: bootkit discovery evasion exploit persistence

Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The submitted target https://github.com/MalwareStudio was classified as: Known bad.

Malicious Activity Summary

bootkit discovery evasion exploit persistence

Modifies WinLogon for persistence

Disables RegEdit via registry modification

Possible privilege escalation attempt

Disables Task Manager via registry modification

Modifies file permissions

Executes dropped EXE

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Enumerates physical storage devices

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-28 03:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-28 03:17

Reported

2024-05-28 03:40

Platform

win10-20240404-en

Max time kernel

1186s

Max time network

1164s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/MalwareStudio

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "satan" C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A

Disables Task Manager via registry modification

evasion

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Temp\invert_snd.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\stretch.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\tunnel.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\rainbow_snd.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\static_color.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\clutterus_ico.ico C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\crossHD_medium.ico C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\crossHD_small.ico C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\mirror_snd.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\wind_edit.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\wind_short.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\wind_snd.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\plg.wav C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613399690295360" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (4 identical rows)
N/A N/A C:\Users\Admin\Downloads\Clutt6.6.6.exe N/A (60 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 identical rows)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 identical rows)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (33 identical rows)
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A (3 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (24 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3672 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 3672 wrote to memory of 204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (38 identical rows)
PID 3672 wrote to memory of 1084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 3672 wrote to memory of 1708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (22 identical rows)

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/MalwareStudio

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc22aa9758,0x7ffc22aa9768,0x7ffc22aa9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1764,i,2727242750997891316,7448196663722033960,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1764,i,2727242750997891316,7448196663722033960,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1764,i,2727242750997891316,7448196663722033960,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1764,i,2727242750997891316,7448196663722033960,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1764,i,2727242750997891316,7448196663722033960,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1764,i,2727242750997891316,7448196663722033960,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1764,i,2727242750997891316,7448196663722033960,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1764,i,2727242750997891316,7448196663722033960,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3896 --field-trial-handle=1764,i,2727242750997891316,7448196663722033960,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4572 --field-trial-handle=1764,i,2727242750997891316,7448196663722033960,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1764,i,2727242750997891316,7448196663722033960,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap6428:120:7zEvent9304

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5780 --field-trial-handle=1764,i,2727242750997891316,7448196663722033960,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6120 --field-trial-handle=1764,i,2727242750997891316,7448196663722033960,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5824 --field-trial-handle=1764,i,2727242750997891316,7448196663722033960,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1764,i,2727242750997891316,7448196663722033960,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3144 --field-trial-handle=1764,i,2727242750997891316,7448196663722033960,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x22c

C:\Users\Admin\Downloads\Clutt6.6.6.exe

"C:\Users\Admin\Downloads\Clutt6.6.6.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "%username%:F" && takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant "%username%:F" && takeown /f C:\Windows\System32\Boot && icacls C:\Windows\System32\Boot /grant "%username%:F" && exit

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32 /grant "Admin:F"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\drivers

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\drivers /grant "Admin:F"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Boot

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Boot /grant "Admin:F"
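
The cmd.exe chain above is the observable core of the "Modifies file permissions" / "Possible privilege escalation attempt" signatures: takeown moves ownership of System32, drivers and Boot to the interactive user, then icacls grants that user full control, which is what later lets an unprivileged binary write boot components. The following detector is an added example written for this report (not the sandbox's own signature logic and not code from the sample): it splits a cmd.exe /k or /c chain into its subcommands and flags takeown /f against a protected directory, or icacls /grant with F or M rights on one. The protected-prefix list is an assumption of the example; the sample command lines are copied from this report's process list, with one constructed read-only grant added to show what is not flagged.

```python
"""Flag command lines that hand a user ownership or write access to protected
Windows system directories (the takeown/icacls chain Clutt6.6.6.exe ran).
Added example for this report; not the sandbox's own signature logic."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Prefix match, case-insensitive. Assumed list for the example.
PROTECTED_PREFIXES = (
    r"c:\windows",
    r"c:\program files",
    r"c:\program files (x86)",
)

# icacls simple rights that confer write access: F = full control, M = modify.
WRITE_RIGHTS = {"F", "M"}


@dataclass(frozen=True)
class Finding:
    tool: str    # "takeown" or "icacls"
    path: str    # normalised target directory
    detail: str  # "ownership" or principal:rights as written on the command line


def _tokens(cmdline: str) -> list[str]:
    """Split on whitespace, keeping "quoted args" whole and unquoting them."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def _norm(path: str) -> str:
    return path.strip('"').replace("/", "\\").rstrip("\\").lower()


def _is_protected(path: str) -> bool:
    p = _norm(path)
    return any(p == pre or p.startswith(pre + "\\") for pre in PROTECTED_PREFIXES)


def _subcommands(cmdline: str) -> list[str]:
    """A cmd.exe /k or /c chain is split on && , || and & so that each tool
    invocation is inspected on its own; anything else is returned unchanged."""
    m = re.match(r'^\s*"?(?:[^"\s]*[\\/])?cmd(?:\.exe)?"?\s+/[kc]\s+(.*)$',
                 cmdline, re.I | re.S)
    if not m:
        return [cmdline]
    return [s for s in re.split(r"\s*(?:&&|\|\||&)\s*", m.group(1)) if s]


def _inspect(sub: str) -> Finding | None:
    toks = _tokens(sub)
    if not toks:
        return None
    tool = toks[0].lower().rsplit("\\", 1)[-1]
    if tool.endswith(".exe"):
        tool = tool[:-4]
    if tool == "takeown":
        # takeown /f <path>: taking ownership is what makes the later ACL rewrite possible.
        for i, t in enumerate(toks[1:-1], 1):
            if t.lower() == "/f" and _is_protected(toks[i + 1]):
                return Finding("takeown", _norm(toks[i + 1]), "ownership")
    elif tool == "icacls" and len(toks) >= 2 and _is_protected(toks[1]):
        # icacls <path> /grant[:r] <principal>:<rights>, e.g. Admin:F or Admin:(OI)(CI)M
        for i, t in enumerate(toks[2:-1], 2):
            if t.lower().startswith("/grant"):
                principal, _, rights = toks[i + 1].rpartition(":")
                simple = re.sub(r"\([^)]*\)", "", rights).upper()  # drop inheritance flags
                if set(simple.split(",")) & WRITE_RIGHTS:
                    return Finding("icacls", _norm(toks[1]), f"{principal}:{rights}")
    return None


def scan(cmdline: str) -> list[Finding]:
    """All findings for one command line, in the order the chain runs them."""
    return [f for f in map(_inspect, _subcommands(cmdline)) if f is not None]


# Sample input: lines from this report's process list, plus one constructed
# read-only grant, so the detector can be exercised offline.
SAMPLE_CMDLINES = [
    r'"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap6428:120:7zEvent9304',
    r'"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "%username%:F" && takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant "%username%:F" && takeown /f C:\Windows\System32\Boot && icacls C:\Windows\System32\Boot /grant "%username%:F" && exit',
    r"takeown /f C:\Windows\System32",                 # child process, %username% expanded
    r'icacls C:\Windows\System32 /grant "Admin:F"',
    r'icacls C:\Windows\System32 /grant "Admin:RX"',  # constructed: read-only, not flagged
]

if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        for f in scan(line):
            print(f"{f.tool:8} {f.path:32} {f.detail}")
```

Running the module over the sample prints six findings for the chained line (three ownership changes and three full-control grants) and one each for the expanded child processes; the 7-Zip line and the RX grant produce nothing. On a live host the same check belongs on Sysmon event 1 or Security event 4688 command lines, where the %username% form in the parent and the expanded Admin:F form in the children both appear, as they do in this report.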

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
FR 142.250.75.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
FR 142.250.75.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 www.google.com udp
FR 216.58.215.36:443 www.google.com tcp
FR 216.58.215.36:443 www.google.com udp
US 8.8.8.8:53 36.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
FR 142.250.75.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 67.214.58.216.in-addr.arpa udp
FR 216.58.215.36:443 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 35.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
FR 142.250.179.67:443 id.google.com tcp
US 8.8.8.8:53 67.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
FR 172.217.20.174:443 play.google.com tcp
US 8.8.8.8:53 66.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
FR 216.58.215.36:443 www.google.com udp
US 8.8.8.8:53 scratch.mit.edu udp
US 151.101.130.133:443 scratch.mit.edu tcp
US 151.101.130.133:443 scratch.mit.edu tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.153:80 apps.identrust.com tcp
US 8.8.8.8:53 153.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 133.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 cdn.scratch.mit.edu udp
US 151.101.2.133:443 cdn.scratch.mit.edu tcp
US 151.101.2.133:443 cdn.scratch.mit.edu tcp
US 151.101.2.133:443 cdn.scratch.mit.edu tcp
US 151.101.2.133:443 cdn.scratch.mit.edu tcp
US 151.101.2.133:443 cdn.scratch.mit.edu tcp
US 151.101.2.133:443 cdn.scratch.mit.edu tcp
US 8.8.8.8:53 cdn2.scratch.mit.edu udp
US 8.8.8.8:53 uploads.scratch.mit.edu udp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 72.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
FR 172.217.18.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 202.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 238.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 api.scratch.mit.edu udp
US 151.101.2.133:443 api.scratch.mit.edu tcp
US 151.101.2.133:443 api.scratch.mit.edu tcp
US 8.8.8.8:53 projects.scratch.mit.edu udp
US 8.8.8.8:53 assets.scratch.mit.edu udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
FR 172.217.18.195:443 beacons3.gvt2.com tcp
FR 172.217.18.195:443 beacons3.gvt2.com udp
US 8.8.8.8:53 195.18.217.172.in-addr.arpa udp

Files

\??\pipe\crashpad_3672_MNCRJRWQIRFWVVMY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(these four values are the digests of zero-length input: the crashpad pipe carried no content for the sandbox to hash, so they are not usable as indicators)

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0770b534e89ca429d3c2ada4f8704947
SHA1 abfcbe04659f127abd103502b22660e179e26951
SHA256 044d750f64b31c0f66715d8c522d561c35c7c60492b42967cca2435f953e70c5
SHA512 f665d4f295d395de85613ca23a20336fa4be1ee885cafc4fdfe270c8fd9ea1c55d4b2f42ae1e34b359b0d14a97b9271e5d8f57f572a95a83065da278f037880c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4d84c92914a328dcf08260cf9b416ec3
SHA1 3de6c1d0d53cff224b4f7643f79beb87214b679c
SHA256 069bb4bc3d6c1d2ca703a5af00cddc7b496128b198e685ca0bf08017a5533bc5
SHA512 e5d85f7ab0f05f9bbbe58c3e1dfa8fcd6bd490de79bb9cb6959b334164e3fa1c8ed53f25541dd5131175c4fee93ce4ea36401f87a2aed21247784342344de5b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 aef6cf6e06aff7bd68aef3f2daf4bf5b
SHA1 adfc7a8212291f7bd4abb89ebfc7a9417be07137
SHA256 f473f433c2f3480bba61de04a31b066a9ffca5b746fb0272a2058044ea362661
SHA512 39f4a63ba56e3bbc72ea70655e902fff770b3e16343845ff4fe8dd83d6eb19a5a1ec9fd74441c17d6de34388d667f401d1878d99f837c003ca18be14ad2cbc95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 89a33ca35518e04577e104886acf7d25
SHA1 d6efa88581b3b7d1b3b51417adef41c389d63350
SHA256 d332ea9eb6ffd029cac3dadafbae3b98a79fec138b5badcd66c2ca6a4a589ba7
SHA512 1dbc380d7f5e722866ae3d4467a4d1653cb1b1530b870afa96b24e6603915f528ec24549fa463435c4d5e93dc69ec204391c221e3b27a309014f17c8e6fef764

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 482ae359f853790af2c50f5542915ba7
SHA1 8cc7faf72d8b3f4439ac37bde0f1d84cd649680d
SHA256 bdce8c5c097a139cb4bc177ce473754d9b42cda8a5cdbeb09d63e75f92fda5b8
SHA512 4b517bac8e0a61963eece91d8fba5ee53beb7ca84e931eec5cc955541819f8e88dae7c2d9a4972ff3ea3823b4098889f10d84f1018641d9fd35028ed25af3a0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5240fa971a75029c3c5de4ba05385066
SHA1 ebde80a58fab6d6212983cce9126d982b845c37e
SHA256 a478c8b19de9ea6371977984dfb305d3cd0a9b73e77d31400494e11b69e593ea
SHA512 c06a02002ef33e11e536f012ca71f60f6abfd71b62aad92894000fbfabd19d6ab631e0a7089adc6a3e90120e0b4ff783bb0cf9567bec44c6f0f4a5c95fd19b9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8f77194b49ae5496870d515d42749c02
SHA1 e16bad4211b9c6715ea44cc1bbb3ab7b532f0d50
SHA256 609a0379fe624c3c144dfcd3ca1bdac866161659d77ea6c7ba06d7dbee8b7215
SHA512 651b9d496d83cdc77cc6e8f8b6ecc21c2051c891ac8ec7ac2b9c044b3a83f3b4c1f5595972fdde46995f71b16bac2af7d5dac560223bb1d1664b48aaaa74c0b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e180e6878ce67b0217d305e74484dc38
SHA1 784799116d6350bc3d43c2ea736ce3c43d980624
SHA256 4480164180d6af93af1f654b32a95b2276251213a1652313704acc2267926595
SHA512 8431e3bb6bda7f3dd108e13b77e384a610f475ce134d6c083a2d6a0db04645fe060b8799d1debec5d99125420a89fc5629b46e0c29bd6547b159c7520742e1cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 56c2bfce8437d25bf52dae52c1623469
SHA1 d19c16f352b35512875207471dd7b3cbd6fb3124
SHA256 f493681f370c6cbc1957cbe74dc2c771120e526c25d6b3f67bd0755d807ed50d
SHA512 9f53b98cddaecdfac9de59be89eb21da8d90c7f86ec44c225d53683522e43c3380388161f9dea75ed942c9602037a7a3d67defcf5894585c93b9a01cd77d51ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f348e9c0b5bec237d471fa7cc317efbb
SHA1 ca5e99733e06a21e62024442c2ac6b0840c29383
SHA256 3ddf0ee7f636f281e9c7fff9560bfc304c82626cd909312f8c02c91405e500c6
SHA512 11f024c56fef5abda6c9b30354d7e7ca5a6a88bc154f5eb7d0a1365f5080602e4345b9ba86e290f17b5ecf278f1f409907f6e69cc75a6b75feac990ed797c5d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 c81aea6fa213e267dd71171e85569182
SHA1 e5b6456db9283da7ecfb133804857e6abeb41628
SHA256 2696a02db8b36fc8fa3921f44e1e982b23a8421ae2d75f65ee77b0f64e6d7f40
SHA512 0053670f6b9314f502aaf2fdc5617c9d35cc97135878fd014ee60ed9fcb233afa1f7c4190ecd02025029ef9a77b276ac2c7f4543c88e234b5d956b40100d4c22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5955c7.TMP

MD5 3a541b25e564b9b3345029e3d3f1e9a3
SHA1 000086e5559b616affc9f2af300edaeb116bf407
SHA256 feb38fc16b498ff046804c1141ad21c7474cc17a3935a87da8aa2ffb3c805866
SHA512 80a3b8abd5ae26cf19e91cf06213ec464cfdcca57915410e61e9055ad92a1f2194aee83fa041ce378edf29fbdf476b65594347edc3eecff6df1e4f850fe26ebb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2352abcbff1145a5f18372454a5e82c2
SHA1 8f01e1b74cf573cd57eefd1100fb6ff1dd6f0f6c
SHA256 c4c0d7974784ff0a802479a2483ed87920484f529446e8ae7fba7dbaf3157068
SHA512 7273203ee4d50b2f48f85cc1e30472414b8116c66eb5f6b1a742e17c5def25cd0215e32e305c7fdf6279644ec54d3ac8156477b6475be8e07515d9b18791b30c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b8a248435b8773d04480f20aeba1bb0e
SHA1 bbcdd563a1d8a0b3a5105c06afb7d12c171da603
SHA256 e1cbafb270157682dbea8b9a2b852318021ba5ba21cdcff4438b9f018dfd52bf
SHA512 f28722ef1711b0332f50273c4a50ea7c74bb81bb7372e94e883cf4785f6a09b623bb1357eeee22803520baa047d1b3e1e59a7c23941d6ddc0590301aa9c91555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0b116a03f4ce0162d4f52a4b90ac42d0
SHA1 d9eebccbb41eccabf45ac632f0f09d8ef4ac64ed
SHA256 f4122de2e67929b977379bf5385f4b56fc9763415ea21cda7fd5b3a2d75227ab
SHA512 81986a4b0ff7a5b4f255e9577f4874bca9d90d4114a04ad5062a6e05be757dc8975288b404a7d44c9fa08d6308a915cfc52d08aac6fbbb0afc53a23278ce1c44

C:\Users\Admin\Downloads\clutt6.6.6 - by CYBER SOLDIER.rar

MD5 60fda8c078bd2c6c8be5246d493afec6
SHA1 339675682e1a9ac2008d5bafd9b49cd3167998dd
SHA256 72d36858e676360cd470943c3a22110324df8e4571c166dc823b09dbefb4017c
SHA512 87298877d1c4fadebd0bf40dd774619f9718eeba4b536dc9eee2abb5bc1809501798152139c47b3db204af119cc52904814c689484b400a00e1ad6e69a58aa00

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 be436889b94c23edd90e3bd2195a7fa4
SHA1 a80abcfdb4f834fb7b089a7e4434d5227a9a70e6
SHA256 11412cea88e389d9ca432ac50df5c979e616e642be0a6524de8e4954c026d56a
SHA512 7cfa15dc9cf6ef6423d2dad7550bfd30117c4ab51345a798ec8bd66fb2206331124e3ea24d494b2f1b6f602249c2ebeddc51ecceb876d0355cb61bda22b16a03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 328c52d5506eb516d5c6b36d28fd4e74
SHA1 bccbafc647d4015eb47642431d152711c7b394e4
SHA256 afa4e58d29b4d22d79afe99eea500f2baea10c5e630435d58eb6b9118efe3053
SHA512 5f5a495ccfa449b5124a39f4ccb81a5fbde53b894645db591d7dfc4c1c10b4037721ecf5d5f5e00c01f0d11e11276f128d065d579987cc2d81e5b8c4f54d95bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 f998b8f6765b4c57936ada0bb2eb4a5a
SHA1 13fb29dc0968838653b8414a125c124023c001df
SHA256 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef
SHA512 d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d4a0871ffd32d38501b43ba1d3615986
SHA1 f912b48503d3f829adbee7defbb03983bcd1378a
SHA256 d5ba971db60d601e6b69fc8031e9c479922ed0fba29749a9db37ea1fe1ee6712
SHA512 f36cba768e0ab1c2fbfd14fd759b2450b73c94dbf881b64f216ad9528c5e4fb8c0de0b8ef0de5b8ef654e41092ef489b398fb6a997280103e0cd160a5062590b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\14ebf05b-2146-484c-b20a-03331d967e76.tmp

MD5 eb527bdb025f50d44830563085e67e7a
SHA1 ea97cd4b066bba547dca9aadbb8f22889e949e1e
SHA256 16a10675a113675f536161f072f1c605879a9f3a96506af17118d5afe9a3b2ad
SHA512 0259c91830d0ebc7f16629601f4290c076ef7a3143df74cb15c7bb859688d46e1f2cbee7e1ec11cdd2effe5e64157b6e6e83a3b892b2b7ed9ba63172b2243b38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 42680c8992359962093b51217b95d1fb
SHA1 ac893a449d922dce098714198817534bd0fd5313
SHA256 04adaed84321aa420709ed78ab46a5c26a7530f7f4d519eac637844d4ea28da7
SHA512 93ae98b913a9ce826d9b356462e1d1795af7e89b53fccb6ea2077dd808015ad6dc8160c8f9cea985b202890fbdbd83d9243130cf12dc02c4e1f5f0b4ca8fab24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 71fa0f871e97370ecef0fa358e05109c
SHA1 89b61e6ae39fa56e87bfbb54704f065fb33a64bc
SHA256 d5c769e9caf4408fd5cfed3e6a1a278092f87c9678f2c6a668873b36299061d1
SHA512 707f932d2972f86d78fb748e62061fd4a40baff81b2e5c171fe1f6ebe9f44eb2ddb2aee69d02ecf1d023b2e8be43c04ade8f7d68d8cbdc9473dfd0642787c33a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f446bb0c85357c94a9b89584f9e04cb8
SHA1 ea4d5870a222d6877aa5864c1bec075e19f27848
SHA256 0e05c784097169f68f963c7e28e5caa29266ac47538a3f211075611ef9012920
SHA512 7273c0e75dec3148be63eaea28889bdb9c643f7c0124149e3056ed7b817327e95e33c3efd09950fbd57093a21ff09d08236b46b801e697223a1a130ebfa16c36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 71e0d04b81adf9d077236fce30849b11
SHA1 dd98e3c63c9c4b38df09ea472fcd5710fefdcf13
SHA256 9284cdee03961fb754e07bfd641005df4e54febfbc181aa25dd9fb3af54d914f
SHA512 65a4dde59d3dff84f937bcee8492aade519c57bee7715d8e5c390ed3d4c5becb02dadc0d3c874acbf7f11226b6fb627ba9b713b4833532b419af960f49bb75c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 526f1480e2ce7e47b9c340ec9cb89f31
SHA1 a13f386b6e2b60b568e251c0d07f0a300a69b78b
SHA256 7d4a1dc2bfbf902f56fc892df9e7fcad1b71f93369c7e88845ee629628508d1a
SHA512 f5553ebd28d09483bbf3a24c127276d84a84617e925fdc09e21ab4f60c1d797675a335454ffbbafe10a6d278c9c4648579dc2f3b4653d0d79654a502506fe49b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 19d2d0300bca9824a9d464a8f78f6f2b
SHA1 b28f5deeac6c063a362cf7181a922f61e6c5d493
SHA256 e5d765943cdeb95f70be5efb5433e3177bd95bb737c2d920b0254f96118f5d66
SHA512 e7ac5bbd97f7a5dd2d40bf55f8348e4adba9b8f47011dfe4d43ca49723b22165c517181c3dd82ccfb34cafd0670aa48c7520ac554ef31fc00928cfc17d6f83ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ef8bee5bd7392fe4e8647a454f7f67d9
SHA1 b07a871d096c96a1b0c2d3f053969ca0101fa21f
SHA256 7c2316efdcbf57888f62fa13ba316fbfe9b688cb11eb0b972e6ff59dd36354c8
SHA512 7d1ac4a7408ae6dda156152e9481bb168fdc7f6d11a4e5580f6be2041a783cc3ae8d0e21a025e81051e171377f1f616eb70f23d6097a067b6c74ed1e8c38ff94

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c3c09eae098fd4dcf85968a1ae1fb6eb
SHA1 e37bc4686b573fa7ba6f88d63cec3cedd4f75429
SHA256 e88b91b8e944d30e8dbb5a7647ea3608c14b7785d750cc58829384e1b796e867
SHA512 5f6bb23c10f14b0b72bab99e80ced458c54e99c39e95ff4149a176e7323133f4a49d5e510a8d6f48dd9929e618a76624c263cb6e83adfd105c28d4d1d73988e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0a908e27ffe3d82d1e1e0c10d69e24e7
SHA1 7bc8b72b2a7b6a54cd7ffe823e7f2d4367473394
SHA256 51b723593e5a995431823f333d4658fbd30983ae92491773cf732650730a01fa
SHA512 273bdd47b395fcf7c358c11cfecdeed3bc517a6a2376ee78968c30422f66be48e71fd6b73c3f262e5d6a6a27c5e4cb47ca148c3104d78bfb64de608e658e82ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cff782c2522c2cb1d1e5d43210a3cc03
SHA1 50d5280fdfa4f82cda2426e3d746aeaca118553d
SHA256 bf9fc43b894539fe4cb9ecb3393e79de1969c696f3095debec04accf9ea56ccc
SHA512 eadfd0b162f80b756e98d0a248b41232d090067de10d2500c3002e1d4b32713a2e19196de9768ab82bbeffc773480b8f41090785b34220d6061249d03da83772

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 29261d6e4117bde8c4ec4d49eeec53c5
SHA1 d6130feaccc813837a189bdaedab6f798678df9d
SHA256 48946a77ea4e09cc7d7e6bb2c59c107fc175f8a92e4cd8903cc28a0bcea90fcd
SHA512 f4d5ae95585b7d9b8fb7e078728cd048a74c40298b183fe8309b88a4681892efbeb5da1b0c583e312bc00f7a71beb8708d57705ed91b178587223e0f3eceb9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0183b912adea61d84f31cc1c484c5416
SHA1 754213b3e83e23dbb86dea64619a6572f925c879
SHA256 aae673a91eaa58409294117ea67a767a1e2fd9614b69aa592568ef0dd570f0cc
SHA512 f4f503dc1f61504e96ad4b282da4dd758da7cbdf330d3e29c88024e194321de00c946fc720c47cbce184239a8233c46cec9cce8abdb9cb75bff87bfdfaf65b72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8188a7e08b99e1ac083328dfc4e308f8
SHA1 ebc8eedc0d85218405b9fad1d8ae62fac51fc591
SHA256 f442bf5581fd42dc8d1dd06fad17b89b8764cc274fcc3cdb78879a61a49c4893
SHA512 10d18c089f5212d40471422ace2b78d9590bc9992c9fe74d810804349c7e6a48f8ee2f5f0f0ce0d2650dccf1258f61e60a2de275a5690b68abc00b9c80f44709

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 39d19439c2682067a01b779a9b88c745
SHA1 b0ba7fd2e0c6a42dcf9fc13011e7d5ac46c9db89
SHA256 ee3dfc7ec161cfc5a59f3242ac3d4fb2b9a882fc22b8bb04876825e2478742eb
SHA512 bc257c68f4476f7ea72f1ff22008e68a2afd99a2b64b5a70de602ff6c36e05fceeb9b687d4ef9751d94af809294a8270d73c3f4246d018bb6f2f88c7ac3e0de0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 65acb23b52f809d1ed692ca459a98837
SHA1 9ad6ce35522f48efd9bbeb51bb12812c2289c5a0
SHA256 f49926cc356600a7953233f9851f374b26eec352622dd632e14cbd46f36938ad
SHA512 ee4037b19436149b87076db08b156b88be5447112c5f37b5fe73da589484f54c579b67a9402348eb698657c78b672b8ad02b0e53fa6a5e8266f6d2a0a6777045

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9a322f30faf2155a214b7cacaf442b35
SHA1 91779a000762a27ddb15d6097b54f114f3dd35de
SHA256 61a7f52f2398edec3c2ee039dc350baa4ff6d34497e8b5d8b62f45186821e78a
SHA512 30ae17259aeed529090090107eb334445d799a8e405beb5288e034c89e0f7d67deb87c91e20a1ae365942c352571b45845e221cd07a4b73a857a18623dbf1322

C:\Users\Admin\Downloads\Clutt6.6.6.exe

MD5 ebe2598356ddaa94e3c507a3bf3fbaaf
SHA1 12fbb71303fbad2d1d6b644d67f3d895ed417ea2
SHA256 bce721a6081d418d0e00bce7dfb5a6b957767b0138690f7e5d642181556b8296
SHA512 e541c1e25c081530b7102445d57c70ceaabb3a719ac895b1322305d3b2e0c6d8cd42dbb231285473a48c8221d94cfd3f9aab431a2aaaf551b55b060d83f87552

memory/4044-872-0x0000000000BE0000-0x0000000001070000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c269395186521d33d2b5f86e13303038
SHA1 06e4b0fda7e3ab5f8835a52ea8ae4e82e9101317
SHA256 8956448f6307bc52f427f0cf24bfe46771a6a71fb6a3a65d23d4726e7ed6e091
SHA512 d48f568dfe1420505d5d63511ac55748a812a9b323a8a2410f4cfbb303ec853a317f00b5548bc089b0d1c938189039b1bf9fe78d4750a0b82478c4c4d26a4250