Malware Analysis Report

2024-09-11 07:27

Sample ID 240529-cfn2qseh76
Target https://archive.org/download/malware-pack/malware%20pack.zip
Tags
bootkit discovery evasion exploit persistence ransomware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://archive.org/download/malware-pack/malware%20pack.zip was found to be: Known bad.

Malicious Activity Summary

bootkit discovery evasion exploit persistence ransomware trojan

Modifies WinLogon for persistence

UAC bypass

Disables Task Manager via registry modification

Downloads MZ/PE file

Possible privilege escalation attempt

Disables RegEdit via registry modification

Checks computer location settings

Executes dropped EXE

Modifies file permissions

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

Sets desktop wallpaper using registry

Drops file in Windows directory

Enumerates physical storage devices

Delays execution with timeout.exe

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

System policy modification

Modifies Control Panel

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Kills process with taskkill

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Winlogon Helper DLL
T1547.004
Pre-OS Boot
T1542
Bootkit
T1542.003
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Winlogon Helper DLL
T1547.004
Abuse Elevation Control Mechanism
T1548
Bypass User Account Control
T1548.002
Defense Evasion
TA0005
Modify Registry
T1112
Abuse Elevation Control Mechanism
T1548
Bypass User Account Control
T1548.002
Impair Defenses
T1562
Disable or Modify Tools
T1562.001
File and Directory Permissions Modification
T1222
Pre-OS Boot
T1542
Bootkit
T1542.003
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040
Defacement
T1491
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-05-29 02:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-29 02:01

Reported

2024-05-29 02:11

Platform

win10v2004-20240426-en

Max time kernel

452s

Max time network

555s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://archive.org/download/malware-pack/malware%20pack.zip

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\windows\\winbase_base_procid_none\\secureloc0x65\\WinRapistI386.vbs\"" C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\windows\\winbase_base_procid_none\\secureloc0x65\\WinRapistI386.vbs\"" C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A

Disables Task Manager via registry modification

evasion

Downloads MZ/PE file

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\windows\SysWOW64\takeown.exe N/A
N/A N/A C:\windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Windows\system32\wscript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Windows\system32\wscript.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\mbr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\MainWindow.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\mbr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\MainWindow.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\windows\SysWOW64\takeown.exe N/A
N/A N/A C:\windows\SysWOW64\icacls.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\mbr.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\mbr.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\Desktop\Wallpaper = "c:\\bg.bmp" C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\Desktop\Wallpaper = "c:\\bg.bmp" C:\Windows\system32\reg.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created \??\c:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe C:\Windows\system32\cmd.exe N/A
File opened for modification \??\c:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe C:\Windows\system32\cmd.exe N/A
File created \??\c:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav C:\Windows\system32\cmd.exe N/A
File opened for modification \??\c:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav C:\Windows\system32\cmd.exe N/A

Enumerates physical storage devices

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\Cursors\Hand = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\Cursors\Arrow = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\Cursors\Hand = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\Cursors\Arrow = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614217019590807" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SpongeBobNoSleep2 (HorrorBob5) (1)\SpongebobNoSleep2.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpongeBobNoSleep2 (HorrorBob5) (1)\SpongebobNoSleep2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\MainWindow.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\MainWindow.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3440 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe N/A

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://archive.org/download/malware-pack/malware%20pack.zip

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9eb4ab58,0x7ffd9eb4ab68,0x7ffd9eb4ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1552 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4852 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5040 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4116 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5352 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5620 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5940 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6096 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\SpongeBobNoSleep2 (HorrorBob5) (1)\SpongebobNoSleep2.exe

"C:\Users\Admin\Downloads\SpongeBobNoSleep2 (HorrorBob5) (1)\SpongebobNoSleep2.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\8B7F.tmp\8B80.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\mbr.exe

"C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\mbr.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\tools.cmd" "

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\bg.bmp /f

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Users\Admin\Downloads\SpongeBobNoSleep2 (HorrorBob5) (1)\SpongebobNoSleep2.exe

"C:\Users\Admin\Downloads\SpongeBobNoSleep2 (HorrorBob5) (1)\SpongebobNoSleep2.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\D2BA.tmp\D2BB.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\MainWindow.exe

"C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\MainWindow.exe"

C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\mbr.exe

"C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\mbr.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\tools.cmd" "

C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe

"C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe"

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\bg.bmp /f

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4b8 0x2fc

C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\MainWindow.exe

"C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\MainWindow.exe"

C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe

"C:\Users\Admin\AppData\Local\Temp\D2B9.tmp\gdifuncs.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6048 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6040 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5472 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5464 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5404 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1540 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4704 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5092 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3880 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5080 --field-trial-handle=1900,i,3709159602655395483,5755408673045025374,131072 /prefetch:8

C:\windows\SysWOW64\takeown.exe

"C:\windows\system32\takeown.exe" /f C:\windows\system32\LogonUI.exe

C:\windows\SysWOW64\icacls.exe

"C:\windows\system32\icacls.exe" C:\\windows\\system32\\LogonUI.exe /granted "Admin":F

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c cd\&cd Windows\system32&takeown /f LogonUI.exe&icacls LogonUI.exe /granted "%username%":F&cd..&cd winbase_base_procid_none&cd secureloc0x65&copy "ui65.exe" "C:\windows\system32\LogonUI.exe" /Y&echo WinLTDRStartwinpos > "c:\windows\WinAttr.gci"&timeout 2&taskkill /f /im "tobi0a0c.exe"&exit

C:\Windows\SysWOW64\takeown.exe

takeown /f LogonUI.exe

C:\Windows\SysWOW64\icacls.exe

icacls LogonUI.exe /granted "Admin":F

C:\Windows\SysWOW64\timeout.exe

timeout 2

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im "tobi0a0c.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 archive.org udp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 8.8.8.8:53 106.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 ia803405.us.archive.org udp
US 207.241.232.195:443 ia803405.us.archive.org tcp
US 8.8.8.8:53 2.224.241.207.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 195.232.241.207.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 216.58.215.36:443 www.google.com tcp
FR 216.58.215.36:443 www.google.com tcp
FR 216.58.215.36:443 www.google.com tcp
FR 216.58.215.36:443 www.google.com tcp
US 8.8.8.8:53 36.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
FR 172.217.20.174:443 play.google.com tcp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
FR 216.58.215.36:443 www.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 67.214.58.216.in-addr.arpa udp
FR 172.217.20.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 202.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 195.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 translate.googleapis.com udp
FR 142.250.179.74:443 translate.googleapis.com tcp
FR 142.250.179.74:443 translate.googleapis.com tcp
US 8.8.8.8:53 translate.google.com udp
FR 142.250.179.78:443 translate.google.com tcp
US 8.8.8.8:53 74.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
FR 172.217.20.202:443 translate-pa.googleapis.com udp
FR 142.250.179.78:443 translate.google.com udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
FR 142.250.179.74:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 4.173.189.20.in-addr.arpa udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 id.google.com udp
FR 142.250.179.99:443 id.google.com tcp
US 8.8.8.8:53 99.179.250.142.in-addr.arpa udp
FR 172.217.20.174:443 play.google.com udp
FR 142.250.179.99:443 id.google.com udp
US 8.8.8.8:53 162.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
FR 172.217.20.182:443 i.ytimg.com tcp
US 8.8.8.8:53 www.youtube.com udp
FR 172.217.20.182:443 i.ytimg.com udp
US 8.8.8.8:53 182.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 142.250.178.130:443 googleads.g.doubleclick.net tcp
FR 142.250.75.230:443 static.doubleclick.net tcp
FR 142.250.179.74:443 jnn-pa.googleapis.com udp
FR 142.250.178.130:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 130.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 230.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
FR 172.217.18.195:443 beacons3.gvt2.com tcp
US 8.8.8.8:53 api.github.com udp
FR 172.217.18.195:443 beacons3.gvt2.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 195.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp

Files

\??\pipe\crashpad_3440_FSLZQNYPVOCDGDPO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 283a4346b673e02112e7fe382cc840d6
SHA1 3db79f07041b522a50fbeb11d146db710446fbb2
SHA256 03860d01217191c090e0cf469fafa9421ce9a0ced6c2bba60927184232a78333
SHA512 65e1b0e239ce5ec47dd4aee4471cc8ed07d79554584f0acaaa43a0816785806274dd471a07475c9aee8ab9e0876984bf6bd335c138378816d138e613dfe8c41a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b375b6f177fc9fd1dce300b7afa842bd
SHA1 8e5781bc4740394a34299e814f31d729704ad3a0
SHA256 e3eec6fab4e8db7d54462ed24fa25a4f723124136cf00ab12bfd86c3a907b704
SHA512 5d9707231d4fe6a6054f289df98b60ad941027d280321f73fee4232adfc1df35c762c5bae2663b5f766a43ee9050beaf9f10014d255821d8594330f77178ff27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7fd2cdd56a80574ced98f6b634824725
SHA1 b212dcc50ff61195395e0590f974547a76a11263
SHA256 05ef8ed618d6712ff1d5e7b2e71c23839f30d5716e53a09ccccede2556867f73
SHA512 7abb26c92b4c7218c08d6fb8634d1565058d477d5d5f96f8ad3c2cae2af09e0fe55eab32eed711983fa51dfd571d3b91df20d1a9d16f636856c143e40aa79bbc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 785bd7533922c29f1439d5a7ebad1167
SHA1 c6a3eab9ce871d109720672f2ab6ebcba32217a1
SHA256 c599f917d9d476ecc29f1e72d2e71501ddfd7ca5607494c34648fcfbd7706edb
SHA512 984da6b3f5a8624afce0144eb6a246228676bb68cc760f9dd596e83a1097a10352ff284c155377394826d48828c22deb5a9a07c7d5c73a76a1ccda94531c6ae8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e0b580a8156ca81cddfb7ccda97e0f16
SHA1 6685ab52bc09cac9d979671775cc7c1ac00f306d
SHA256 4918456e296289727cf4801511f52fc1b6b374623e0f314d46cf5830a876d3d2
SHA512 e7df7b6a021fdc40b4398c033a4fa35fb5750f467d8d763bf9a782daa1d34b4d0d0a8d8f0afbdfeecddedb2a3787dec88f8cac1116ee190a67123cdde9edebd4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c76d034211754c744956b4a877c1d68f
SHA1 a5fdfd2c90d8fb12146ed4b7c4696245673dcf84
SHA256 8a03eb46ada92b7a6321e367f57855a9b4ada5f0bb4542f48b40a23ae4439042
SHA512 771ae5e8c918f3f689374e703ac050a132b8b5cd85ebb877fec722dacf7f8a628e2c5e5924c7b3177b08ba374d30ee992b5e3dde5ab5d9b7b82fe3939fb3f988

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fa582b591ee2cb46df7e1fc509bb7b37
SHA1 aa7596ea3ad2998d729e2ed60f2fea022ce0cb8c
SHA256 e8dd843a44f4b415c1137c71ff7acc6df17ed091ac4953d105fe8f178fc867cf
SHA512 32ffa1a355712ee6cf3c177375d8f47e613d92446568f5fceaeda86344719bee7c999cc9861a1853f2ab4a09310697b71d45d160f5ee2e5c26eba9fe35ccd954

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 df390868096e8261a5bead0ecd40b7ec
SHA1 6ec4936391ca8d01646e83ba3dddfc6bf87ba4e2
SHA256 c0e35de336803b505067e900eb1a27257f1aa851506870d89f4f6a53ce796f88
SHA512 933bed6b69dd1043af621b8b5b3433d25b16e5b480ade3e6bb5a3052aab48402d6a20b80148ebe209d3243d41822ccd44c0672f6c6ab70738920b030995e829c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 f998b8f6765b4c57936ada0bb2eb4a5a
SHA1 13fb29dc0968838653b8414a125c124023c001df
SHA256 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef
SHA512 d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4a6e4d40163153d9e533ae86fb0cbd62
SHA1 720790e004aa0b1a2e33524e40de9ddacc4086b6
SHA256 6ad4627e81caa83c21688a21f1d5a24f818317355fb6b8ab567c04ec90d5e116
SHA512 4553da2271b24d7b4de3b812785367e8ca229e2819b9669a97dea65b2093dc63bd9accc78e84bdc83d93b2d80ecca00188f9b0c738dab4b47105dc2b4ff72174

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 91a43ddfcc2058ba6a755948f90002ee
SHA1 41625f94f3d7a13b83b8388c7b844a5646b73746
SHA256 ffdbfbdffd8dd3b1a4ecf0784e20a23dab7e5a9b8ef56287652adaa2b25287cb
SHA512 8dcb78cf78740dc53ee799498d436cdde138fe43d90f08cf703d04855ad73c39233660082b6607140eececa956e7dd40c29e73d4d18fc601b7bd6c09bf7f9ca1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 22f4b0bb6ae1cc3a5071f8b201440003
SHA1 519a6b850434b12ec32cfbb8ef39062c504bd3fb
SHA256 a944e61c0b2b46121ae28a655c3e28f49aa3a9cc165aed7acc83138b06dab584
SHA512 07110666f208a289d17d4e2aec5c58b983fae90f00b35398ecf2745ea428161064e981eee15722232be1cf61b367c3e3dd52fc322c6ebd998b2d3ad7f288c378

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a60910e41146b6f9421409c7b3e1c28c
SHA1 8ad3d2257a5725939dfcf237dbacbbb4d2d63ea1
SHA256 5f468fc012c3d778c122a85a974131a33ccfe2eb027853074325260944f984fd
SHA512 a919d9dac658ca189edc807a6a6126c92332708ccc33e180ce1f2c539cb779914e83eda58463eb16f1cb5e5a479c7dc2b6aa815a827eb24d477d072d79ff4547

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 905f557171c367483bcf91c65d82990d
SHA1 e17edbb965f85fa5929ec3f5d4cd8b57d55307f4
SHA256 7bd5e8e0766e523c15e99e2f16e080a9d375bcff70c8ca2b5953bc312fa50f64
SHA512 2fda5aba5d32465fbcca506285418f1c1ad15637e1e056552114f24564e72aa630370cedf394366219dcffbbf9ebcdb04b193ff0b5671b38d5cb371c78624224

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d5ea887af8db7f83856a449cac7f0ad7
SHA1 2f35117c838b0bbe0b7751f3e9a9429f6d94c536
SHA256 de6a7bfc77d1c0746a8395ed05dfa4998b6b359ff179658fe5d991dcc6823702
SHA512 4bba5b2ccc9e6eff1b95747b35947b0c234f14f5224a87d4d2b3805542f022db8d7884e080312fc9b554d4e6f92a6ae6a9f1f5942248cc2a494bbddafaa76a7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 eee900e4ecda1898e246b09f42490943
SHA1 c328dc1c74e330301694d23a35d229529957733f
SHA256 ff9d26d0d39d3255936f756abd5a20c71692bfb068135aee1dea35c34efaadb7
SHA512 bc5a7fcab660e26d95abedd00fdd33a05d13fec10ef3fd417e54885f6f0f73a967310cc45f841de856255509faacd07a6280b381a81c6763407704118f293ca5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 995e26e7de41a1c60f62ecbc8e2806e5
SHA1 21d036e0099bc83479a0266cc19dfd21f1d16b14
SHA256 9346d1ff23d0a94a6a82693c136fe2358136095749a88ebedfcf150d25bd2946
SHA512 8b2de54c675c1dc8a632f618e2d54ad1ce360a922d73c08cdbe82ea0c517181f5764bdd66a12161dba3c46eef3923ae3e23c08076792332176e0d80b992d1b4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cb8d215b33972983_0

MD5 16182321c16f2ef7be358a1500930e8f
SHA1 61688dda1f407fa4b30c631df33eb0291f6d5cd4
SHA256 3a722bf521cb30cd8565c172c0dd24413e9da064f6e95c3d9504e17fd4c7303d
SHA512 65c35509aa1f629e76e24c784d20465167942301001dda84bd05ccc53ee58c64786282ef0abe22dea6cafe4383dd0aee4630260a7b6cc4c5c12a5d7973bd01ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a7fe77962c588a38_0

MD5 9fe7c89f300b7db00228f35a3471c751
SHA1 0891b8691dc0a9089c222dac02fe40d5bfe29648
SHA256 4cb4e4219ca2b2e736e840012f9a6108f06f0cdf12ebc7648a98714e3de3c0af
SHA512 904b4d9e1052acba039dadf6e2330a4e97947d9f7bf32ccd22fa30f6051f4bb01627be34f667d6a61dd563c35bb125d989ad59b6720b84a4e14f2c7c9d8223ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2363429f863867a952841889c9d00f9d
SHA1 4033612e98f7ad5806a0a9b78a74a9c851b05f33
SHA256 8a68bf4efecfffe3255e23df12326de4c3f10fdb10d6100729868575cf58059c
SHA512 63ee168e175d5a8de331ffed73e333b889a29d7e4f51daaa8914547b593449925560ce93d987b8f2220bd0c23bb78a77d577fc1e6f8e1a1fb3b022a6cc5151ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 94275bde03760c160b707ba8806ef545
SHA1 aad8d87b0796de7baca00ab000b2b12a26427859
SHA256 c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968
SHA512 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a854e.TMP

MD5 d3d8f3dffe13185413351a6af8ba5fe3
SHA1 7a2d43273f7c9211d0e739bce9f0a47c50c4f50a
SHA256 e9040feb258b0c0a6f4a06103418c20643afdd6f913ea4d2e0f65843ee424826
SHA512 6b372dede75717f16fd884ca9afdc35bdf6450ed403de5be9abf353fbe08170ac5e3e62ad93c28374feac42282b950b53825afb45be9f630072ca7c62685bbda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 93127589e4102be66effdd1ecc639c5c
SHA1 ca1daa9dd838c8d91d238cf3d04e416be7eac04a
SHA256 a08ddc3f843ef27cb8b4ff3665dda8ec6804e5f45841df4f559b419ac2eba93a
SHA512 e44190162853e42c94c02a96edd9a3f9c5775a8bb40848a588eace193718e954c23cb47fb82d79500786d04cd7c26e53d01b5433d2de9da6befc9b33eb4ae9e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b59f467ef82c8e256eb3d04625b0cb19
SHA1 5dca33b817eaac0dcf0b027e993e6513a3fde655
SHA256 1f485106522819b54b04ac96a11bc5a53aaf9615a4e3ca2878aeeaf6bc6ee026
SHA512 efb859b17f65396753336c04790cca24adbc4985077b287c0c9505f8089e424914b01bd80772834c99e64f7af20a72f8ef765bf33db0b66ce7d64d0150f96935

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 29efc47dfa53e3cb12d2d1a619dd82b6
SHA1 d3256a3f1878e61197caadd2aba4d1398a12f358
SHA256 7362c447b03df936d99acae9d55bc808a37f7d85e591d7d5c2701efb4535cfca
SHA512 7db07b447b26e89b3532fd0357ecb0baa7a029d75ebea804812c1d7dd2b05359d569a5573636ebaeff906e5f3b605f73ae2ff491818e62aa4f3c66b37d736958

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4a3a86cfa93306fa92ccafd32cf21c40
SHA1 d90b62cefc06b6b9f8f13df3790c6fc85b8f753f
SHA256 8d3d50480028c5b1d2a90b38a069585768435ee046c9bf94f38f210ef863b8a9
SHA512 c779640586885a2aaff4c0c8fa57237ac253bdaf0e154e748938976f08a9561545b77d9e729f290ad5f873392911e6075b2104e276b48129b8134c8fd3f88a60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e486a2b7212e5285c24ef8960af9fe42
SHA1 0da6317e0c6d5f1d86056d987f6219ef893ccd10
SHA256 6e41c0246a6a377072dfa86a36b62752f990d7280408241b571f06cbe9c7cb2f
SHA512 f9b12a4b9357adced0e71108c40da54813967588cfdd2a81aaab76233c44ceab57f8d20539ebf0b711d3689e3841e69636a0e3ff07e12b1c1ff7bf2574e55aa5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 bebd11ad302a35802dd5c54f28370794
SHA1 330fcc5d2a14efcaf376e657c515a65e73224f90
SHA256 ff69aa5abe2268b2a1d2e075bb6ad9763743eee5cd49af6d1b8e809e01551101
SHA512 a1d34f85065d6b43e0b0b7173cc7321606d03eef8bc442390cfd862f21030d579fa458ffb1b8d55fd21ec4e72b34bcbc0f0953efda572bdf9440b87fd396015b

C:\Users\Admin\Downloads\SpongeBobNoSleep2 (HorrorBob5).zip.crdownload

MD5 914fadaee197d1f71082a7bd95e042e6
SHA1 3356ffc83b5edb82940a04ce067d9e7ae7fd248c
SHA256 07bb2b15e3e6a2711ab2290c1f4a10f89ce193657e64f4e92190b7139ffec6ac
SHA512 b9aa1390283b3003b264531ed50edeeae1922f25dca5fce0bcbfd5b72815ef7040fa8c024276e234286b76f46a4c69292b45b8250679f686f329ed9edb042026

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5abee50cca7675e8e8262d2e32e8c3c5
SHA1 b87c7b747b193b91d19a00b7e1f41b86d0797f5a
SHA256 3bfd59031faf22e897dfaf76609583938e925422be93afee0b43e932000c944d
SHA512 cd84a96d00aea13e25c08c5d39fd915bd4e5851a92a2a8080d8a5dfa2ca8e79a128a152b8aa42a219c9db180e837f13965f2d1530db15eff7070a62d16d19abf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 77a656974c8d056f37424df5894939d0
SHA1 fc67c049f68e04fd783af933440f5812e8fb8ac1
SHA256 db15f9d4e41c9364471d2a83fe17d97394e58e6ad2fc8e5a19d6661f565162ff
SHA512 97fce004a44fbed44def8140886e3601bc180039d78a60a0d07303e05bcb764f1b15dedaf6e3a5d8118c42504604e2f01ceb553e141badf7b55bd1374e6c2cc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 0674cd6b19b6fb9d0d3d494d132a8d12
SHA1 8d2026cfdda0d9ab62dbb06263955de35398bf7e
SHA256 1d7d8e3a17fd2082140c93b211dee4a13936340f760beb8b561983d0ee75a902
SHA512 873eb8e1933fe6afdae6e0727bd8d6bf361adcf20b3c6c1b09ac242a4563ab644e2d3787243336f7e7df28ad5aee362304dd54cc68ef83a87bf99eca63afe98c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5c5bf3.TMP

MD5 118601ba2cb0b954bd76a45eb7dccbfe
SHA1 10cc25cc31830172b61193718b652f3adb9bc524
SHA256 b97178ba4ccb5b9dfd833d5577d208a44dcfec903437a33296cb159a42ad06dd
SHA512 b3598d61427a3b88f669a0324a0d6f5da1a7e7e0cdea5757fc72a84555cea28292e0ff6c28887cb4199ee26e2be633fe06e126cafd6d2ef3cce7ddca2fb27c88

C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\8B7F.tmp\8B80.vbs

MD5 b893c34dd666c3c4acef2e2974834a10
SHA1 2664e328e76c324fd53fb9f9cb64c24308472e82
SHA256 984a07d5e914ed0b2487b5f6035d6e8d97a40c23fa847d5fbf87209fee4c4bbc
SHA512 98a3413117e27c02c35322e17c83f529955b83e72f2af7caaaff53099b583cd241cec95e70c3c0d6d440cb22cf0109d4e46dfda09ef2480427e9a9ab7a4c866b

C:\Users\Admin\Desktop\SPONGEBOB_IS_WATCHING_YOU 5.txt

MD5 bb6d68d7181108015cd381c28360dfc4
SHA1 192c34b9cba6f9c4b742f2b70d9731b8ba2ac764
SHA256 aea8fb9235900760ac374c6a4a10fba62c2a0ef5bea2dd7ef4db70fe55e0b317
SHA512 e3d6bf8f6ae16daa235e2bc7ce64da5a76ff0155fa89942a4e9d3f10ce70229e081c5029a6b67702a6b14000f62e6c9188ba394ee7183d0667ddac9e0224f3f3

C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\mbr.exe

MD5 33bd7d68378c2e3aa4e06a6a85879f63
SHA1 00914180e1add12a7f6d03de29c69ad6da67f081
SHA256 6e79302d7ae9cc69e4fd1ba77bd4315d5e09f7a173b55ba823d6069a587a2e05
SHA512 b100e43fb45a2c8b6d31dd92a8ae9d8efea88977a62118547b4609cc7fe0e42efc25dc043bac4b20f662fab044c0ba007b322c77e66f0c791cc906eafc72fb95

C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\tools.cmd

MD5 397c1a185b596e4d6a4a36c4bdcbd3b2
SHA1 054819dae87cee9b1783b09940a52433b63f01ae
SHA256 56c7054c00a849648d3681d08536dc56c0fb637f1f1ec3f9e102eace0a796a9f
SHA512 c2a77479ca0aa945826dccea75d5a7224c85b7b415fda802301be8a2305197276a33c48f82717faddb2a0ac58300f5b849a8c0dffb5a4443663c3dfd951d4e5c

memory/4444-898-0x0000000000400000-0x00000000004D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\bg.bmp

MD5 ce45a70d3cc2941a147c09264fc1cda5
SHA1 44cdf6c6a9ab62766b47caed1a6f832a86ecb6f9
SHA256 eceedadfde8506a73650cfa9a936e6a8fff7ffb664c9602bb14432aa2f8109ac
SHA512 d1bf6cdade55e9a7ce4243e41a696ae051835711f3d1e0f273ad3643f0b878266a8213cc13ca887a8181981ba4937350986e01e819b4bb109330718ef6251149

C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\gdifuncs.exe

MD5 e254e9598ee638c01e5ccc40e604938b
SHA1 541fa2a47f3caaae6aa8f5fbfe4d8aef0001905d
SHA256 4040ad3437e51139819148ed6378828adcfbd924251af39de8bf100a3a476a63
SHA512 92f129a52f2df1f8ed20156e838b79a13baf0cbcdd9c94a5c34f6639c714311f41eb3745fdcc64eac88ce3e6f27d25f9a3250f4ababc630eff7a89802e18b4bb

C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\mainbgtheme.wav

MD5 1b185a156cfc1ddeff939bf62672516b
SHA1 fd8b803400036f42c8d20ae491e2f1f040a1aed5
SHA256 e147a3c7a333cbc90e1bf9c08955d191ce83f33542297121635c1d79ecfdfa36
SHA512 41b33930e3efe628dae39083ef616baaf6ceb46056a94ab21b4b67eec490b0442a4211eaab79fce1f75f40ecdc853d269c82b5c5389081102f11e0f2f6503ae7

C:\Users\Admin\AppData\Local\Temp\8B7E.tmp\MainWindow.exe

MD5 7c92316762d584133b9cabf31ab6709b
SHA1 7ad040508cef1c0fa5edf45812b7b9cd16259474
SHA256 01995c3715c30c0c292752448516b94485db51035c3a4f86eb18c147f10b6298
SHA512 f9fc7600c30cb11079185841fb15ee3ba5c33fff13979d5e69b2bae5723a0404177195d2e0bd28142356ff9b293850880b28322b2ce1ff9fe35e8961bb3f7be1

memory/1580-1167-0x0000000000400000-0x00000000004D8000-memory.dmp

memory/3200-1170-0x00000000001C0000-0x00000000001E2000-memory.dmp

memory/3200-1174-0x0000000005180000-0x0000000005724000-memory.dmp

memory/3200-1175-0x0000000004BD0000-0x0000000004C62000-memory.dmp

memory/3200-1176-0x0000000004E90000-0x0000000004E9A000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_D23696CA747E48F5B92A5A58183B43C5.dat

MD5 7bb707bbee177f72b213f2c0997d8727
SHA1 34cafa1b56173fadb42f8f65d2182d2ffa8fc58a
SHA256 cfc1b1f46cae62ff8d3c346b4e56d81d77774308d50cea07a051a0ed8fa39524
SHA512 f0b9a07d94c041b10f20e30fd528d4bc024db1d168be2086f83e7781147ff128df5a8ae82d9bdff2f3415abc05678b640dced48474158a44bfdad666ef92bfa7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5c29a76f17ce3407b0e537c2a4e7cdbb
SHA1 df827a7a041dd0de84d2a09949b47c210011fb74
SHA256 ed4d3e639630e5afc6d003270e82d06652d463d5d0b794311ebfc476686fda67
SHA512 cd87ad80167ff4a97af97e478965162d530ba0048e219d553538c9f24240ad2320bce921e2d1d636049aca75b07a931665975c32537e006a9ea779a39edd395e

C:\Users\Admin\Downloads\a7b0c68f-1a6e-4f0b-9350-fad45357e689.tmp

MD5 9faf70264fa30ad9e9e9d08ddd3c37e3
SHA1 b2c8a5a834b40efe330014ccb96581eba7996771
SHA256 dcf81988b0088a36981fa0f59271cb7d641d4927f3245ed64f918ee6646b3315
SHA512 879e2aee1feac7cccf07088f7ae8794d4e8f55d9138c07fab40d920eb7184e8efb6c76e3c7e009c3d10e4b17080da5b7c0c1e3a2bfd3e44e1e5382acb61ccaad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 292f6bfb19c9ad7d6ee57dc2ca65f873
SHA1 3595dde000158fc953cb3c2bcbcfcac153e3c8ec
SHA256 73b011d21fe6c4eee25053d14231e8b5b5dec9ee611388ab63fafbf4ad4cf874
SHA512 1239816016ddaa43b6f9629e225602131c15de5fbdb8d4bc613697171655d36d60953f97d23a97e4203e50ea1aed27618627e9688406b7325b44a8cfb484f4c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cefd4a783207847ca79bb128e16d5346
SHA1 1a7cd922871e5a2617b41e7770e6e49109541384
SHA256 cea4ddcc3295d5076519987fa04321b5cd3735fe6a09831bb0dac2914af2cff1
SHA512 20ad1e3293e9e546db93bc2e46c4ac18f5c00dec264838615def613f83b2559c52c4fce995af1188eaec60d40427c63752bf32178c9afcf7f57f22a284177df0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0ce9ffbd146e60dbd0c7c97f4a3aaa7c
SHA1 f077841051e8ce40930b1c15df0290320c24e329
SHA256 4b5c09ff7615ade590f9fd45dc8e7054083a04b7cb7c99a71596c9100b306ed3
SHA512 37c2ba0c9a7de09784b0f1d9870f07ba816fd5fba48496101395f67a8311b959c4d08f8a2e02dba2cb2931370b98501a7a2e5b519365916d59cbbe306ad8aa4f