Analysis Overview
SHA256
989c54ab290e147aba6de1e542eb71cdbc50179dffc190ca46031ce8f18a6c8b
Threat Level: Known bad
The file Setup.exe was found to be: Known bad.
Malicious Activity Summary
Xworm family
Neshta
Contains code to disable Windows Defender
Xworm
Detect Xworm Payload
StormKitty
StormKitty payload
Detect Neshta payload
UAC bypass
Sets file execution options in registry
Disables RegEdit via registry modification
Modifies system executable filetype association
Drops startup file
Executes dropped EXE
Checks computer location settings
Reads user/profile data of web browsers
Writes to the Master Boot Record (MBR)
Adds Run key to start application
Checks whether UAC is enabled
Drops file in Program Files directory
Drops file in Windows directory
Program crash
Unsigned PE
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
System policy modification
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Modifies registry key
Enumerates system info in registry
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-29 04:55
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 04:55
Reported
2024-05-29 05:09
Platform
win10v2004-20240426-en
Max time kernel
864s
Max time network
879s
Command Line
Signatures
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(10 identical hits in this run; the report records no indicator, process or target for any of them)
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(2 identical hits; no indicator, process or target recorded)
Neshta
StormKitty
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "5" | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
Note: ConsentPromptBehaviorAdmin = 5 is the Windows 10 default ("prompt for consent for non-Windows binaries"), so the Setup.exe write on its own changes nothing. The write that matters is EnableLUA = 0 by eewdgc.exe: it turns UAC off entirely, but only from the next reboot, so a host that has not restarted still prompts while the setting is already poisoned.
Xworm
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Windows\system32\reg.exe | N/A |
Note: the writer is reg.exe, so the sample spawned the reg utility instead of calling the registry API itself; this report does not record that process's command line. While the value is 1 the affected user cannot open regedit to undo the other registry changes.
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "C:\\Users\\Admin\\AppData\\Local\\Temp\\eewdgc.exe" | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "C:\\Users\\Admin\\AppData\\Local\\Temp\\eewdgc.exe" | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
Note: a Debugger value under Image File Execution Options makes Windows start the named program instead of the one being launched, handing it the original command line. Here every start of taskmgr.exe or explorer.exe runs eewdgc.exe, which both relaunches the payload and keeps Task Manager from ever appearing. Delete the two Debugger values (or the two subkeys) to restore normal launching.
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
Note: the shortcut name imitates the Windows service host; the report does not record the .lnk target, so resolve it on the host before deleting it.
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\xtueod.exe | N/A |
| N/A | N/A | C:\Windows\svchost.com | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\xghnih.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Windows\svchost.com | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe | N/A |
| N/A | N/A | C:\Windows\svchost.com | N/A |
| N/A | N/A | C:\Windows\svchost.com | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ekxdiw.exe | N/A |
| N/A | N/A | C:\Windows\svchost.com | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
| N/A | N/A | C:\Windows\svchost.com | N/A |
Note: C:\Windows\svchost.com runs repeatedly because, once exefile\shell\open\command points at it (see below), every .exe the shell starts goes through it first. The 3582-490 directory under %TEMP% is where Neshta writes the cleaned copy of an infected host program before running it; msedge.exe appearing there means the Edge binary was infected and the clean copy re-executed.
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
Note: the default data is "%1" %*. With this value every .exe launched through the shell runs C:\Windows\svchost.com (the Neshta loader dropped into the Windows directory, see "Drops file in Windows directory") with the real program as its argument. Restore the default and remove svchost.com together: restoring only the registry leaves the loader on disk, removing only the file breaks launching .exe files from the shell.
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Java = "C:\\Users\\Admin\\AppData\\Local\\Temp\\eewdgc.exe" | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
Note: RunOnce entries run at the next logon and are then deleted, so on a host that has already rebooted the value may be gone while eewdgc.exe has run. The WOW6432Node path shows the writer is a 32-bit process whose HKLM\SOFTWARE write was redirected.
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
Note: the only event behind this signature is the same EnableLUA = 0 write listed under "UAC bypass"; it is a write that disables UAC, not a read that checks it.
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
Note: the evidence is a write-capable open of the raw disk \??\PhysicalDrive0; the report does not show what, if anything, was written. Confirm an MBR change by reading sector 0 on the host and comparing it with a known-good boot record before relying on the disk to boot.
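The writes listed under "UAC bypass", "Sets file execution options in registry", "Disables RegEdit via registry modification", "Modifies system executable filetype association", "Drops startup file", "Adds Run key to start application" and "Writes to the Master Boot Record (MBR)" are the ones a responder has to undo on an infected host. The script below is an added triage helper, not part of this report or of any sandbox product: it parses indicator rows in the report's own table layout (the sample rows are copied from the tables above and embedded so it runs offline), classifies each write, skips reads such as the Geo\Nation query, and prints what to restore in priority order. The names Row, Finding, parse_rows, classify and remediation_plan are ours; the restore values it quotes (EnableLUA = 1, exefile command "%1" %*, ConsentPromptBehaviorAdmin default 5) are Windows defaults, not taken from the report.

```python
"""Added triage helper, not part of the sandbox report: classify the registry and
file writes listed above into findings and say what has to be restored."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed input: rows copied from the behavioral1 tables of this report, in the
# report's own "| Description | Indicator | Process | Target |" layout.
SAMPLE_ROWS = r"""
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "5" | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "C:\\Users\\Admin\\AppData\\Local\\Temp\\eewdgc.exe" | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "C:\\Users\\Admin\\AppData\\Local\\Temp\\eewdgc.exe" | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Java = "C:\\Users\\Admin\\AppData\\Local\\Temp\\eewdgc.exe" | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
"""

@dataclass
class Row:
    event: str
    indicator: str
    process: str
    target: str

@dataclass
class Finding:
    category: str
    path: str         # registry key/value path or file path
    value: str        # data written ("" for key and file events)
    process: str
    remediation: str

WRITE_EVENTS = ("Set value", "Key created", "File created", "File opened for modification")

def parse_rows(text: str) -> list[Row]:
    """Parse table rows; skip the header and rows that carry no description."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cols = [c.strip() for c in line.strip("|").split("|")]
        if len(cols) == 4 and cols[0] not in ("Description", "N/A"):
            rows.append(Row(*cols))
    return rows

def split_indicator(indicator: str) -> tuple[str, str]:
    """Split a 'path = "data"' indicator; other indicators come back with empty data."""
    if " = " not in indicator:
        return indicator, ""
    path, _, raw = indicator.partition(" = ")
    data = raw.strip().strip('"')
    return path, data.replace("\\\\", "\\")   # the report doubles backslashes in string data

def classify(rows: list[Row]) -> list[Finding]:
    findings, seen = [], set()
    for r in rows:
        if not r.event.startswith(WRITE_EVENTS):
            continue                       # reads such as Geo\Nation are not modifications
        path, data = split_indicator(r.indicator)
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]     # last path component ("" when the path ends in '\')
        f = None
        if name == "enablelua" and data == "0":
            f = Finding("uac_disabled", path, data, r.process,
                        "restore EnableLUA=1 (effective after reboot); until then admin processes run unprompted")
        elif name == "consentpromptbehavioradmin":
            f = Finding("uac_prompt_level", path, data, r.process,
                        "5 is the Windows 10 default (prompt for non-Windows binaries); verify, no change needed")
        elif "\\image file execution options\\" in low and name == "debugger":
            hijacked = path.split("\\")[-2]
            f = Finding("ifeo_debugger_hijack", path, data, r.process,
                        f"delete the Debugger value; every launch of {hijacked} starts {data} instead")
        elif name == "disableregistrytools" and data == "1":
            f = Finding("regedit_disabled", path, data, r.process,
                        "delete the value; regedit is blocked for this user while it is 1")
        elif low.endswith("\\classes\\exefile\\shell\\open\\command\\"):
            f = Finding("exefile_hijack", path, data, r.process,
                        'restore the default "%1" %* and remove the loader it points to; every .exe launch runs it first')
        elif re.search(r"\\currentversion\\run(once)?\\", low):
            f = Finding("autorun_entry", path, data, r.process,
                        "delete the value; it launches the dropped payload at logon")
        elif "\\start menu\\programs\\startup\\" in low:
            f = Finding("startup_folder_file", path, data, r.process,
                        "delete the .lnk and inspect its target; it runs at every logon")
        elif low.startswith("\\??\\physicaldrive"):
            f = Finding("raw_disk_access", path, data, r.process,
                        "raw disk opened for write; the report shows the open, not the bytes: diff sector 0 against a known-good boot record")
        if f and (f.category, low) not in seen:   # the LNK is reported twice (created, then modified)
            seen.add((f.category, low))
            findings.append(f)
    return findings

def remediation_plan(findings: list[Finding]) -> list[str]:
    """One line per finding, the shell and UAC hijacks first."""
    order = ["exefile_hijack", "uac_disabled", "ifeo_debugger_hijack", "autorun_entry",
             "startup_folder_file", "regedit_disabled", "raw_disk_access", "uac_prompt_level"]
    ranked = sorted(findings, key=lambda f: order.index(f.category))
    return [f"[{f.category}] {f.path} (by {f.process}) -> {f.remediation}" for f in ranked]

if __name__ == "__main__":
    for line in remediation_plan(classify(parse_rows(SAMPLE_ROWS))):
        print(line)
```

The exefile hijack is deliberately ranked first: until the shell association is restored, every other cleanup step that launches an .exe on the host re-runs the loader. To use the helper on a different report, paste that report's indicator rows into SAMPLE_ROWS (or read them from a file) and extend classify with any key the new sample touches.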
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\PROGRA~2\WI8A19~1\ImagingDevices.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jusched.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EDGEUP~1\13185~1.29\MICROS~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EDGEUP~1\13185~1.29\MI9C33~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\wmprph.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\wmpshare.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{D87AE~1\WINDOW~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~2.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\DISABL~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOBD5D~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EDGEUP~1\13185~1.29\MICROS~2.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EDGEUP~1\MicrosoftEdgeUpdate.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\setup_wm.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\wmpconfig.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{61087~1\VCREDI~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\wmlaunch.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\wmplayer.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{EF5AF~1\WINDOW~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ExtExport.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{63880~1\WINDOW~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOF5E2~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EDGEUP~1\13185~1.29\MICROS~4.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EDGEUP~1\Download\{F3C4F~1\13185~1.29\MICROS~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ielowutil.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ieinstal.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~3.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~4.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MOZILL~1\UNINST~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\PWAHEL~1.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EDGEUP~1\13185~1.29\MICROS~3.EXE | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~3\ACCESS~1\wordpad.exe | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\directx.sys | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
Note: both files are Neshta artifacts. svchost.com is the infector itself, first written by the infected msedge.exe and by xtueod.exe; directx.sys is a small text file in which Neshta records the path of the last executable it infected. Every later row with svchost.com as the process is the loader rewriting them on another hijacked .exe launch.
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\ekxdiw.exe |
Note: WerFault.exe is the Windows Error Reporting handler the OS starts when a process crashes; the crashed process (Target) is the dropped ekxdiw.exe, so this row records one payload failing, not additional malicious activity.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Note: every row in this section comes from chrome.exe, which does not appear among the executables modified under Program Files above; reading the BIOS manufacturer and product name is ordinary browser start-up activity and is not attributable to the sample.
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614321556228699" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Note: the writer is chrome.exe again; S-1-5-19 is the LOCAL SERVICE account and the value is a FILETIME timestamp that corresponds to the date of this run, not data placed by the sample.
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 14002e80922b16d365937a46956b92703aca08af0000 | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000b453dc33d697da01b863d335d697da0199f30637d697da0114000000 | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{8B32BE46-214D-4743-91BD-69F985349D67} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\xtueod.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Documents" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2" | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| N/A | N/A | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| N/A | N/A | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| N/A | N/A | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| N/A | N/A | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| N/A | N/A | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| N/A | N/A | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| N/A | N/A | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| N/A | N/A | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| N/A | N/A | C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\HideFastUserSwitching = "1" | C:\Users\Admin\AppData\Local\Temp\eewdgc.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\microsoft\windows\currentversion\policies\system | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "5" | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
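Two rows in the registry tables above carry most of the weight of this verdict: the `exefile\shell\open\command` rewrite to `C:\Windows\svchost.com "%1" %*` (the Neshta-style wrapper, which is why the Processes list below shows `svchost.com` launching xghnih.exe, msedge.exe and chrome.exe), and the `Policies\System` writes by eewdgc.exe and Setup.exe. The script below is an added triage example, not part of the sandbox output: it parses rows in the shape this report prints them, flags the file-association hijack and any UAC policy value that differs from its default, and picks out command lines where a look-alike `svchost` outside System32 is handed another executable. The expected defaults (`"%1" %*` for the exefile handler, `EnableLUA=1`, `ConsentPromptBehaviorAdmin=5`) are assumed Windows 10 defaults, not something the report states; the sample rows are constructed copies of lines from this page plus one legitimate `svchost.exe` launch as a negative control.

```python
import re

# Assumed Windows 10 defaults (not stated by the report).
DEFAULT_EXEFILE_CMD = '"%1" %*'
EXEFILE_SUFFIX = r"\classes\exefile\shell\open\command"
POLICY_SUFFIX = r"\microsoft\windows\currentversion\policies\system"
UAC_POLICY = {  # value name -> (expected value, meaning of a deviation)
    "enablelua": ("1", "UAC disabled outright"),
    "consentpromptbehavioradmin": ("5", "admin elevation without the consent prompt"),
}
# The real service host lives here; a "svchost" image anywhere else is a look-alike.
REAL_SVCHOST_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Constructed sample rows copied from the report's registry tables:
# (operation, indicator, writing process). The last row is Chrome shell-bag
# noise that must not be flagged.
SAMPLE_REGISTRY_EVENTS = [
    ("Set value (str)",
     r'\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"',
     r"C:\Users\Admin\AppData\Local\Temp\xtueod.exe"),
    ("Key created",
     r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
     r"C:\Users\Admin\AppData\Local\Temp\eewdgc.exe"),
    ("Set value (int)",
     r'\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"',
     r"C:\Users\Admin\AppData\Local\Temp\eewdgc.exe"),
    ("Set value (int)",
     r'\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\HideFastUserSwitching = "1"',
     r"C:\Users\Admin\AppData\Local\Temp\eewdgc.exe"),
    ("Set value (int)",
     r'\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "5"',
     r"C:\Users\Admin\AppData\Local\Temp\Setup.exe"),
    ("Set value (int)",
     r'\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"',
     r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
]

# Constructed sample command lines from the process list, plus one legitimate
# service host launch (not from the report) that must not be flagged.
SAMPLE_COMMAND_LINES = [
    r'"C:\Users\Admin\AppData\Local\Temp\Setup.exe"',
    r'"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\xghnih.exe"',
    r'"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe" --single-argument http://wonderwork.ucoz.com/',
    r'"C:\Windows\svchost.com" "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe"',
    r"C:\Windows\system32\svchost.exe -k netsvcs -p",
]


def parse_indicator(indicator):
    """Split 'path = "value"' as the report renders it; undo the C-style \\ and \" escaping.
    Returns (path, None) for key-only rows and leaves unquoted hex data untouched."""
    if " = " not in indicator:
        return indicator, None
    path, raw = indicator.split(" = ", 1)
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        raw = re.sub(r"\\(.)", r"\1", raw[1:-1])
    return path, raw


def check_registry_event(op, indicator, process):
    """Return (severity, message) findings for one registry row."""
    findings = []
    path, value = parse_indicator(indicator)
    lpath = path.lower().rstrip("\\")
    name = path.rstrip("\\").rpartition("\\")[2]
    if lpath.endswith(EXEFILE_SUFFIX):
        # Default value of the exefile open command: anything but "%1" %* means
        # every .exe launch on the host is proxied through the named handler.
        if value is not None and value != DEFAULT_EXEFILE_CMD:
            handler = value.replace(DEFAULT_EXEFILE_CMD, "").strip()
            findings.append(("high", f"exefile association hijacked: .exe launches proxied through {handler} (written by {process})"))
        return findings
    parent = lpath.rpartition("\\")[0]
    if parent.endswith(POLICY_SUFFIX) and value is not None:
        expected, meaning = UAC_POLICY.get(name.lower(), (None, None))
        if expected is not None and value != expected:
            findings.append(("high", f"{meaning}: {name}={value} (written by {process})"))
        else:
            # Default or non-UAC value: still record that a process wrote the policy key.
            findings.append(("low", f"policy key write, default or unknown value: {name}={value} (written by {process})"))
    return findings


def triage_registry(events):
    findings = []
    for op, indicator, process in events:
        findings.extend(check_registry_event(op, indicator, process))
    return findings


WIN_ARG = re.compile(r'"([^"]*)"|(\S+)')  # quoted token or bare token


def wrapped_launches(command_lines):
    """Return (wrapper, target) pairs where a svchost look-alike outside System32
    is handed another program as its first argument."""
    hits = []
    for cmdline in command_lines:
        args = [q or bare for q, bare in WIN_ARG.findall(cmdline)]
        if not args:
            continue
        directory, _, base = args[0].lower().rpartition("\\")
        if base.startswith("svchost") and directory not in REAL_SVCHOST_DIRS:
            hits.append((args[0], args[1] if len(args) > 1 else None))
    return hits


if __name__ == "__main__":
    for severity, message in triage_registry(SAMPLE_REGISTRY_EVENTS):
        print(f"[{severity}] {message}")
    for wrapper, target in wrapped_launches(SAMPLE_COMMAND_LINES):
        print(f"[high] {wrapper} wrapped launch of {target}")
```

Two caveats the rows alone do not make obvious: `ConsentPromptBehaviorAdmin=5` is the Windows default, so the Setup.exe write is notable for touching the policy key rather than for the value it set, and `EnableLUA=0` only takes effect after a reboot, so UAC was still active for the rest of this detonation.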
Processes
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffd2b7ab58,0x7fffd2b7ab68,0x7fffd2b7ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4412 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4596 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4960 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4888 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4436 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3076 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4636 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4948 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x484 0x150
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4932 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Windows\SYSTEM32\CMD.EXE
"CMD.EXE"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5580 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4144 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4988 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4140 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5660 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5788 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5452 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5268 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5584 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4904 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3168 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5304 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5380 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\xtueod.exe
"C:\Users\Admin\AppData\Local\Temp\xtueod.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\xtueod.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\xtueod.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=1160 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=3168 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4032 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4224 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5240 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2700 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5472 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5672 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=2060 --field-trial-handle=1948,i,4177683028258087316,1332813935664359038,131072 /prefetch:1
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\xghnih.exe"
C:\Users\Admin\AppData\Local\Temp\xghnih.exe
C:\Users\Admin\AppData\Local\Temp\xghnih.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://wonderwork.ucoz.com/
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe" --single-argument http://wonderwork.ucoz.com/
C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe
C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe --single-argument http://wonderwork.ucoz.com/
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe"
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fffd2b7ab58,0x7fffd2b7ab68,0x7fffd2b7ab78
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:2
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2304 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:1
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:1
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4376 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4512 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:1
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4288 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:1
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4776 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:1
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3032 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4560 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:1
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2992 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4952 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:1
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5284 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5432 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4892 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:1
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2456 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:2
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1604 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2788 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3288 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=872 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:1
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1856 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
"C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1892,i,16162165760953473338,5064247633250615592,131072 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\apwnka.bat" "
C:\Windows\system32\reg.exe
Reg Delete HKLM\System\CurrentControlSet\Control\SafeBoot\*.*
C:\Windows\system32\reg.exe
Reg Delete HKLM\System\CurrentControlSet\Control\SafeBoot
C:\Windows\system32\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Polices\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCMD/t REG_DWORD/d 2 /f
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\ekxdiw.exe"
C:\Users\Admin\AppData\Local\Temp\ekxdiw.exe
C:\Users\Admin\AppData\Local\Temp\ekxdiw.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1188 -ip 1188
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 648
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\eewdgc.exe"
C:\Users\Admin\AppData\Local\Temp\eewdgc.exe
C:\Users\Admin\AppData\Local\Temp\eewdgc.exe
C:\Users\Admin\AppData\Local\Temp\eewdgc.exe
C:\Users\Admin\AppData\Local\Temp\eewdgc.exe explorer.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /c TASKKILL /F /FI "Imagename ne eewdgc.exe" /FI "USERNAME eq %USERNAME%
C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /c TASKKILL /F /FI Imagename ne eewdgc.exe /FI "USERNAME eq %USERNAME%
Network
| Country | Destination | Domain | Proto |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\46243958-4459-49c7-9afe-d32fa4106611\index-dir\the-real-index~RFe589cb8.TMP
| MD5 | f23077cdc0ecefeffa35fdb816c77e53 |
| SHA1 | 1131ce0647aa8743d1232423aab2d9badabda288 |
| SHA256 | e295b0c4ff7660568b67dbc97fd6718907e0ebb3064f7ffc8244d4390177acb4 |
| SHA512 | 7b9049a9706c61d9d804f16500bba96ada049d656238e09843153f5f1de2f6847712afd31068f9183d450dca5d1a2d28deccba42dcfd29f1f4ff06c3a27640db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\46243958-4459-49c7-9afe-d32fa4106611\index-dir\the-real-index
| MD5 | cb117ed4e38ad8992ad8d233d0470548 |
| SHA1 | 6fc801a174e0f8ef14667383af46a22d117e8c4d |
| SHA256 | b34aed64427150663eaac5babe5a620db5dcc6efab43842f81962573f4019a3b |
| SHA512 | 0b4ad4c351f3bd2b566bb29efd6d611fd4d002c0145d36df1dd336db736a13cfa01a4117c297ef35e043d20a6a1e0830bf437ec800fb9e3b727e32f238b213c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 07f1402e101b11d4e0a827efe6aba9d3 |
| SHA1 | bdb4399685938a1320a0ef9d2010da57550cca2e |
| SHA256 | b5bbeb2af21ffc12dda58d7e04ef436e4e375fa48ab9a687d378b9ad38aab6fe |
| SHA512 | 4269030b89c70c7be75588c850c6ebb20b9e62a3f29c0d344641a44fe2864ebb7f8b54c08685954c49eff6a2b3cc525bffae5d05988648120c0b467f423d27db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f0a7925e7f478ea65f187c1a9497b92f |
| SHA1 | 66f0c5b0e04a33018ef421694dfa76d819eb3220 |
| SHA256 | 52106204b7100fb083224c1d083f86c22dfc0b1dd911ec6c833f167ba396d3d8 |
| SHA512 | ed1dc928de4eae0605a4e9d48dd7e46bc91f6cb14214e2b12a030c96636d5be1199175c5edd5bc2898da52bfecf9828ec1c1291acbbe1906e8c3ff0c93b6f2ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 478619f89b4ac58e5527638210bfabcf |
| SHA1 | 21974f6cfafc2c4da22682c870431c8c22b49e73 |
| SHA256 | 81827710f0a4ec08ec9ff507cb48f9e64cf6aa8ed6b7a65b4bc48388e6d6fecd |
| SHA512 | fea59c0551d34cf222da7a9accd9075d9955c0452f0c8f5bcdf6e160ac19d0af280c8e54caa288d7d7b49f107de4d100667286987a83da4a33732f60a952e174 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58f335.TMP
| MD5 | 38d7c337c31e0011ef65b99be6970b9d |
| SHA1 | a66cfba761b857391587a8ecb01ba91802461620 |
| SHA256 | c10ed639720c644c2e0e9a1494a9d62bca0a6cea4bb127124dc7dc942ad3253d |
| SHA512 | f6a8f734c9e7dedd989179d61a1ea1e49a56eef0d2952dee82bc6b0e3222d5b99f259a2f7e468478e2df395b445e7b30789f2851c2a215f807ad7084cdce0956 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f6fe9f849117d35e08176e958852745c |
| SHA1 | 273e293b0b5326c0388a7bfbf7dd148d0dfda7d9 |
| SHA256 | 09c7a3f4f368eb55859dcf1a63abd9e954d0010ebc39d43adc83a9b2d05d789f |
| SHA512 | 4ad42461eb6251fa70ee2fafaff8de8f5729c90a1a69ccb03f7e8eb78c38e0f334e67a877ff6ad36c71064e86d6732b0db25f53bea7323b3492c3b44ee2bd362 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b03a7c65-4b69-424f-82bd-82b7dcdf1393\index-dir\the-real-index
| MD5 | 8345e6a290b992ecadf162b0c5c47ca8 |
| SHA1 | df11b9ccd2e1b62c9ca75a2cba2c7cb8666f2f4b |
| SHA256 | 434a2c6bba2bc5a8cb6d56f8725d90536a8df4013afe3b2be0c3f3a055673a3a |
| SHA512 | 07d4f7382e4c5df59aa8c96d82ae1faf712b6d4b6d8d0ea84f0fb63bc6b5c7c91ad12065823b67958bc0019ee9a9a4373610c0540df050bd2768e42f2ccd2319 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 846c22b8a17a08362a22ac3ca6741121 |
| SHA1 | ac72b216b2a443fd463d853c22add3c8c3ddf412 |
| SHA256 | 56c9dddeb19df9a141428122e7531c394099017f3676f4884954474fff4de5c8 |
| SHA512 | 78d6e09bda563af5d53abb1c36d4baf8e4086b035a0e1206dca306e2a2d3ca221955a6aa8aec2a46b522289684ac243f14266c35cfb5b3d69130caf4ef52f263 |
memory/4584-1014-0x0000000000E40000-0x0000000000E4C000-memory.dmp
memory/4584-1016-0x00007FFFD8E40000-0x00007FFFD9901000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d64ccbb57f47827f64a64163423ccb69 |
| SHA1 | 75fd7a11752b55fd96404353579ea0be0d061111 |
| SHA256 | e1c7da380453873029f9b4a93ab141b7b348edcbdc69cf26fc9856b05537b6ce |
| SHA512 | b1bc56036d0eb16edab1a9745cb307b54fe521522f70b2a6ff9360b0241c3a7fb4eb4b2e61aee760186f0f33e6f8efc52fd94c0589f6626ac3443d536971d5f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 03e6547f0ac57568685bb4295c6800d8 |
| SHA1 | 7e0e767469a30124cb96203f74682924bc407e68 |
| SHA256 | f35a3ef6e38a8b5e54026cc0183d4392dfaecf07d67a4ec186bf6d9e1835a291 |
| SHA512 | fbed6c6d9c254e2effe2d648f414e76afd49fb93af54196f3c6d37ad3148f39686cc1c52b5c819c9a330672a8a2bb00b49382ed042da3db1c841d5baf9702a2e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 09b1e84b51e0eaabc98033558b24781e |
| SHA1 | d97a9a6a9571ddcbab616bd809d35c088ef2bec1 |
| SHA256 | d88225af3c58613d4fa3bf1499f02b262abe18dd05d899ed5470f15e8eb63f0d |
| SHA512 | 15b845cee34bd5573df5af307fd86bc8b054184f381d4cf6734de969447c3ff216f85463e7fefc01dd7f13b1216e5e5f72661a84c1f3dfafb335f7734d4bdff1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f8c85b4466e1f30b20fe03aa25e5280a |
| SHA1 | 3dd5e7b4f21595ab94a827faa1a1a908bdb11d20 |
| SHA256 | cb9b4450f3f19d03e918f4bbf894fe3252383f372b3648fa74261a3d431aea75 |
| SHA512 | d7c0c699ca69301ab86fa45bc44da3bd91e45a99a259e752210d0752818f6ab8b904990d83b462f71ac20a731d4fd789fee9b86817bd891cfe3ab9a38e694f57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ead90ff1ae5c66b2a61c16a331d0e70b |
| SHA1 | be8973fb9f12ed6f133573ce2fb842a690c0268b |
| SHA256 | cb9e0eb7501ab45b3cf249d40cfaa9fb0c88d49f0cbf7e71dacc0d450b5b3833 |
| SHA512 | 4f652bb9b737301855584ae9c5fa17d30025dd9c2315f992e4b6f4b3dcf48b13e77f24ec0ae8704ea57c42982f62d4cb6f8efec2316208c306059ff45a9acb3a |
memory/4584-1158-0x00007FFFD8E40000-0x00007FFFD9901000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 060dd7711b9751a5079a1fd545b1d964 |
| SHA1 | 39039dd89ebb24ab0c7f9c82cb01fc82933e3859 |
| SHA256 | 1c780daf06c3a9c7c6009f1b62e0afd419cc349b1941baec0581897424adda60 |
| SHA512 | 8b9f577c7a78661593db924704de4703b093cf51e0d9853b3b64e2e954e3dfb6811fb7f7a25ea3cb7f6b8d7480680216123bec9a688a7b2e9bd048bbf7fe3194 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2721f9c203d1117d46afe677652e2ffb |
| SHA1 | 6260a0f36fc719a12cc0e141a38e2bb3492b191f |
| SHA256 | 412656d29f9b807fbb5cb8c59bf63d094aa634b74934ef1970257a43160b1f95 |
| SHA512 | fdf59dabc2a75c01cf8bd8cdae5b6d70a6fa3f3be79498397af546f19d4f8c8efcac969ddcaa5018fcc84d5285e052ab4c88c0e435009052c41e8a684375f171 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | df1f3d440319f44e76286cf9086c4640 |
| SHA1 | 2f7462940daba97c285d1c71a8b20a867cad33b4 |
| SHA256 | 270cae77e8512f93469e3f6014e86eee24b76d8f8cca1b31053b84aecef9f106 |
| SHA512 | be6939e3c7c726a29f815b06ed834fca4670b0be69683daa82522073c25c0968294e6e678d4e536d1678321c0fe8a3d669550da9751f410797848aad805a4a66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ba4e89b4433f38cb49562bc691c0d448 |
| SHA1 | bcc5086df8942751b8de1ceea4063460013fae31 |
| SHA256 | 03228588a14147048180b67500a98461c06dced6266dd0867ec9474dc80e5f6c |
| SHA512 | eb5eab056d62365572108cf93775513f55cd12aeaae6a72baccb93ddbfb17da2ea76d03f3caaeb062cb617ee349046c83016d7ed641c928ae3dcf43f931be8ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bb196125523fdbf566288d6cecb9c1ba |
| SHA1 | 8b0978293006036964754d42b11f5b25dfa9b734 |
| SHA256 | 4e6bd371247cf5b60035713fa64c5b1d3db953efa8a86bc238ea81042f3fe15d |
| SHA512 | 1b32c400ddb52d9f8261169c8de7098ee3d4702d8e6b5a2f894f6147bdb7220be9816510a4e525ae490011502639fbe5827db4a4ef4475545583d3c4dce5bcd9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fa1818750684dba06b012c3b6766e053 |
| SHA1 | 483574455645a0f7b70e2b28b5713aed6268da9c |
| SHA256 | dbfec0afb1c8e2d5a0110304cdd301cdb5754b3dd52ddf9fefe335afc8579d65 |
| SHA512 | 826fda02a39e6c15b45d8b167ddac4aeb57ec4f8cbd00a3cb0c773cf56dcc56ece39bd81b88397867f9857e7e42957cf78fae1896ba3a72752f187a3e9e5eb4d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\37701615-7ba0-4101-a146-3a555ac90b96.tmp
| MD5 | 0f152e53ff6d47729d03efd3ad4aea67 |
| SHA1 | 75a54372d096f971029fe463da3443fe7bc20e35 |
| SHA256 | 73fe8905715da809034523dfab6b108efb98ec79fddde2fa9b0e5193e1ce9f7d |
| SHA512 | 1483d1a767bf9af2ab0076d97eb5f4f2839e132fd7a0bdc6c6479f9f8db5d919580f2b72b3e7935f9d96d13d7a9356ec6ef48f4e4d9f07f2445e002c5f725f84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 8ed2768c7f50b0613bd61a33ffc8ccba |
| SHA1 | c91b3148755de721ce48cd90167db738fa116f41 |
| SHA256 | 38ca6dd6c84541ee334c057e17d8446de901676e95bcb67f0099f1264ceddd08 |
| SHA512 | 889a1307bbadc53a933a3cd5218891c8103b004f2cd19004604932a60183870e00f0861f004a3c50144684b9584fea86490e2e3f781cfe24c7dd1675119331b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 510f5e76633abe8fc0b1c42ff33520c4 |
| SHA1 | c58785e948fa8b3919f4bbf966e485bcb75980bf |
| SHA256 | 28a0c932e1b8130b6e5c196c421177f0b4d8f302dac4575cdc3fe693f22796e5 |
| SHA512 | 1bc1ec1a6e42459f6b998c79b200dbd224adc6ca5ca5c53d993d16a368efaa8d81c232e5b2fb6427201a1d9f035dc09747368641324ca7a7f956b864c22d2b40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e57de3dd8e65597df665d33fed2142c9 |
| SHA1 | debd00078264231868ce4f7c9263e1c8efed7312 |
| SHA256 | 1f5ec5ed496ceb3f69c998606766acd2e55f94bc6a06e38e04ed275d65a0e8e6 |
| SHA512 | 0b080da7fc6fd8d553481af41acc63b7ca37dba1ad4e676e22960fe49a6271bf8e1d568d3919efb79246354745df8a81a43d14af3ad9b6a53e4865b0a59fa9de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7613a8e624d3122fe8a0e14ce5e70113 |
| SHA1 | 24fc73111299c28352c40acb45055129ea181ded |
| SHA256 | ee0663ff781738fcff0d6c5dae6e841f4667ec75ba9ebe3e302e24e87a1a154c |
| SHA512 | 01796acaf47e7453c0c8eedd0917aa6b324be1c6f939e587553741a447b50fb53d24e81f50eaeecf588ed0d4b4ae721b1e9a9f7ea79f42417eb47b9b046a3fce |
C:\Users\Admin\AppData\Local\Temp\xtueod.exe
| MD5 | 3d8742856ea296642de5f6f4e881483e |
| SHA1 | 4da23beaf63ac14abcc65ca11f8d042956ef18d0 |
| SHA256 | c03e810dcb7475804f5a1b0f293d1824c7f45ecb155a5cf52e507d161ffeb39b |
| SHA512 | 09dc3ccba562803534d190172082df8d752a6114047e87716434009d32e014ab85ffe5e9d9a4412da9cba331c02fd327fa0815af5fdc08ef2320d582a2af151b |
C:\Users\Admin\AppData\Local\Temp\3582-490\xtueod.exe
| MD5 | cdd0870d855075fb6633b2c39ce0f038 |
| SHA1 | 0e4286daeb7fd59025d2341fb935ee621c478861 |
| SHA256 | 9f985188580eb280edd426622bdaa78689cd8054a5cec97ee4ec9d8e9eca8d78 |
| SHA512 | ec82e67b072c4a8efc8911301ffb5c078c4b67a21ebb344d4db84c8b76728a7497982656923f37e36a8d01697818326ca321a33166d5ebdaadec8bafccaf96f4 |
C:\Users\Admin\AppData\Roaming\svchost.exe
| MD5 | 6dbc070c8aada6a4c29f31d31a1e784b |
| SHA1 | 333d078b0e204dd59950fbef6f7ff426b0b31b88 |
| SHA256 | a149692be459188b48f587d220ffbe16025b16d3f844728f92fed3be63989a27 |
| SHA512 | 7bde1220754ba8ab8fd685975943def2dcb400ed5fc6cd02a819d6ea6922ad5c0d51a7d28afbd8e0986b7622aa96137825fe1a77e9ede8ac322557a2d5ef80e9 |
memory/4584-1434-0x000000001CE90000-0x000000001CF1E000-memory.dmp
memory/1148-1475-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 295fb7662e23bab10fb0eb4f67ff6525 |
| SHA1 | 84062e22f6e4147036648b9b4de3262a8d3c6adc |
| SHA256 | 0841a8a2f58910cbf5bc3c8c16cd649587c6895251db847922d4d60657ab24de |
| SHA512 | 09faf8f0667931b8f6729c506d18885f299ea294a840e31268c2438ce89932762a17e32f6c0f1d92c46bfca9f665bd2afb35ee7701f11c24b69e66aa146befd5 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
| MD5 | 3a3a71a5df2d162555fcda9bc0993d74 |
| SHA1 | 95c7400f85325eba9b0a92abd80ea64b76917a1a |
| SHA256 | 0a023355d1cc0a2348475d63aaf6aa0521d11e12a5c70102d7b3ebde092849e8 |
| SHA512 | 9ad76ccce76ccfe8292bca8def5bc7255e7ea0ba6d92130c4350da49a3d7faef2d46b08aaef1955f3f4ea0a2e22451562b5e08783a79f794724584e409cf7837 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7f178971a780adb525e63abb74f01eb6 |
| SHA1 | 977538ea3f6a43114067cf7762aff69775a6a111 |
| SHA256 | 9e1b42e0c1a6273587ae2cf3bf57661f137f121b815513e10f5b88e46051f81e |
| SHA512 | 44cf2ca7d7d6b402be8414b9c62f8d9f082e7c302b29d5e3b2a511d278146ebd8914fa98dc7f353e7bfd7e87c9f832d49768fe1cd431777a191cba61cb3c1c32 |
memory/1148-1498-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1148-1500-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2623fd71dd453d550c1fe3af1f799be0 |
| SHA1 | a103a1dd03d1ff4e40d7ea56323959b1f77a74ed |
| SHA256 | 4a5a288413292ec8f7fff272d0b5336b7ed7254bbd6d81638985356d352b6c3d |
| SHA512 | 36e8c11bc98f1f67cd26cd998132c8558bdab9e483bb824ce320eb8b893243e8a023a7666d098b7b55376c553222ac878e93b30fa40f3e64300a3ae77db72cf4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 91ce170b7423e7f96a0e3b9639450e03 |
| SHA1 | d31a49f481cd6454313562eb68f0b417a6d4e315 |
| SHA256 | 652658ac8fc7db82741234009b30cf4196d23e6319ffad906347541eafde8323 |
| SHA512 | f40d70d6a30b4a6426711eaa41df7bd8256b28a903cee51426a84fb07d374e7f17f1be1c14da8529a108172c0256a5b59d9a20348dfa192557b82c8f45bc9b3d |
memory/4584-1519-0x000000001B2C0000-0x000000001B2CA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | 2b3084d1033ef0f6228130ced19abfbe |
| SHA1 | 62b824877e702105a3b3ca3934f1bf886c051a96 |
| SHA256 | 7a0e1db27a6cc5c941a4d1077a69c4af402561558af9ad31e23aa5534a101a16 |
| SHA512 | 3dd9a0901997eca3ec0c5bf1129bbe546be934a817a3e8c0a0d704635149398ebf9edd025d1470cce1797afdc47cde1d9016ca36b7a86288ee8eb4d030fc4b22 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo
| MD5 | a073e24345f96d305d0b49b33765b4ae |
| SHA1 | b336336c01d31e6db63d6d7ef0e9885a6b672311 |
| SHA256 | 21b51e315ab4605c74126f9bb3cba268451b87f8e175c905238b007f01dba815 |
| SHA512 | 5f083dbf4b6f43ec4190deccdbdaaa1bfacb32dd2286f27ff69951b94bcb5d3b213141a1d0ea9eeae0650bfd7a3bfc35c7c3b5f1e234dc4002ff1bdc3cc726d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0620e74d81490ced965eacea2e5cb8bd |
| SHA1 | 474bb4f67359b0834ef826ec4932da09759106d0 |
| SHA256 | 1d044da6063db95d50ea61ea37946f88e89ac13f45a8bb1564f0849d7df78cde |
| SHA512 | c61d7814b030b7f4515a0abc7ec1a8be6e9cb4d36a71444972b9036a53fd5bf5b31300aeac23af4b36d6d49ba05155e2433f1a9127673137775af54715b376d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 322794b1b24dc9b35b999d2bff7d8056 |
| SHA1 | 18fdcf283ef85c78e88cfbc640eab97d5e81451d |
| SHA256 | 2b153e4cfd381bbf94f2ee4c1166ce55b8b6c51107dc93188815637ba43c2ac0 |
| SHA512 | 7403982a1fffa262255dde5c25f674c50e90e08a0326a1fe108a718c5762218628b0ec28ce6fc23d17fbfa9b7f4917d5c4a359b31cea5fa972483387fbb88972 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c89f7d6848e1184117dd0c8024dd55c5 |
| SHA1 | 5ec001e039e7a94eb5b38bd91da6a8b3d10d6d58 |
| SHA256 | fa85bcf62eb0e2898b2e5e994710033573b4efeac18c631b4374816a94eb84a6 |
| SHA512 | f9008d91512b4b48be8dbb04b4ede0a2d79a196bfd7d7683f198af019e7e28aacc32a78f52d1e03dfd8996f1654e33069d3fef066ecb4ef0348e04816cf8bfbc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 884c087a43da7dc2b69b1dada105a20f |
| SHA1 | 91fa724c2f7dbce2cf5c592363a4b690def2d58b |
| SHA256 | 42a6d647ecfbef6daceec306dd6d85e55e4d96231853241c17d9699d9a3ee5f1 |
| SHA512 | 39cd79ece91eda64dcd911ce960395e314a830b0c1b6a070e61b85c1762e3e3f96dba13c7f0ba1e06ec59fe8549d3a916b034fd64d30e8d76f32413562825800 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c910e5ee47c75afd482c86fe26dab28d |
| SHA1 | c62158cda2cb6fa7558137f6d826ac2a0a591302 |
| SHA256 | 2cbb671278d315ea66a6d2980df54c759c5604d6549d2f68bb2dff0217f6d2ac |
| SHA512 | 77ded3a28fee70d66581e28c9d851f26262592e5ced7d2ea15ad9146027b98fd81b513cf70bbb74bc3643aa7b11346397bf51d01bbb39c2ab8004db761268275 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9943854a31d1e0e20598ac1d43387a23 |
| SHA1 | 504c53fdba3196dbc9e038a142f26aba0a1ff076 |
| SHA256 | 64ea59eec2ce7e5d9f9707aab57f42a7b6abd0ffdf27cf69b387a7ad429b8117 |
| SHA512 | 271d7fd6801ff996af3a8672637c9996f9862e4b16807c2c86c5d353d943b8eeb64fcb8cd2a8818a77bcdfc2c69ad0055e21434df9ef77507f6623ce76e63da0 |
C:\Windows\svchost.com
| MD5 | 991417cbe1ed6b8a1c11b9b9c025ae74 |
| SHA1 | 66cd1d414740c6bdecde566a5b0cd700c46153bd |
| SHA256 | ec227d1eb8761846b71350dcd4e8c8d3f5dd74aad80d83223a29b454b520ca85 |
| SHA512 | 8b41324550364728c2923dbdb6713c8afb7d17e31f941ce5cdd9378bf6da9dae348f05691f19c3c623276afcd470f2b5e8c5d4d55536298852473d58d2be43d6 |
C:\Users\Admin\AppData\Local\Temp\xghnih.exe
| MD5 | ab1d6a0b504e8302bfa1761e8ab6198d |
| SHA1 | 982fbb07d7b18bf160f3111711fe5c194f7347d9 |
| SHA256 | 33a4b7269c1ff49c478d1da7a466d64a6ffdd8aa34f627a284bb5e6ee0cccb4a |
| SHA512 | 8c88f1c61ac71a8dd2a2e89c0278c64576555a24e5f011898a4941fa1ebf501d0d2b19a9ea64053c55f703ca4440d2e30d30abfcc7a9f814a9f010c8dc156e17 |
C:\Users\Admin\AppData\Local\Temp\tmp5023.tmp
| MD5 | 77ca6b1aa49a688342e68a2b6731a282 |
| SHA1 | 4bcc2f52024f42a2aa98c890278a0d2c2847aa52 |
| SHA256 | 8fa0793ad77814f61a58410ad15031f1dd75fc739853177c687e7ff108500b12 |
| SHA512 | 88030d64d19098155dfaf28dd197cf530af22d98a53ab8c7eff118edb8befe73580e0468b4d9b5c889f36b94d79d9f7bce371c0abcd5aec8a0393f95bce28402 |
memory/5104-1704-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
| MD5 | 5119e350591269f44f732b470024bb7c |
| SHA1 | 4ccd48e4c6ba6e162d1520760ee3063e93e2c014 |
| SHA256 | 2b3aa9642b291932ba7f9f3d85221402a9d27078f56ef0e9c6bca633616e3873 |
| SHA512 | 599b4ec673169d42a348d1117737b4ad4d7539574153df5a5c7689130c9ac5ff5cd00f3c8ec39adf32ff2b56be074081efcabb6456272c649703c3ea6cdaded4 |
C:\Users\Admin\AppData\Local\Temp\xghnih.ini
| MD5 | c00ce9ed943065e34ae082f0dc82bb89 |
| SHA1 | c5d364ac6c9cf5a132104a9aba36306d84ef877b |
| SHA256 | fefd534f4da1143b737a1b024203aadd65154ff969b3fa5ecd2b8cb05caf066f |
| SHA512 | 86645fe0983989c98a11f84f60a292298679df5b0f79b52b01e1eab3af4fdda73b5a6405ef6d27329311cdcd5798ccbf29b2a31dcf177986a08e77248417a752 |
C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe
| MD5 | ad8536c7440638d40156e883ac25086e |
| SHA1 | fa9e8b7fb10473a01b8925c4c5b0888924a1147c |
| SHA256 | 73d84d249f16b943d1d3f9dd9e516fadd323e70939c29b4a640693eb8818ee9a |
| SHA512 | b5f368be8853aa142dba614dcca7e021aba92b337fe36cfc186714092a4dab1c7a2181954cd737923edd351149980182a090dbde91081c81d83f471ff18888fe |
C:\Windows\directx.sys
| MD5 | cc2f3b51f2e78cafce999e604a8b3277 |
| SHA1 | f2e64b7d1f0581052cbfea99a8a809922a62e69c |
| SHA256 | e6475c558d13bbad756c32a904648acf36c3f9bddd7aad597847cc159696c06f |
| SHA512 | 2cba040b4f1a5e137e9e44b1364ccec43173b677a24a3318b599c86ea4482ae2aaeb9f2af3be72fe6514dda0879b0bd506acd1e08b48f963c6ae446fc06cb6a1 |
memory/3204-1756-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3840-3523-0x0000000000400000-0x0000000000495000-memory.dmp
memory/3840-5554-0x0000000000400000-0x0000000000495000-memory.dmp
memory/2488-7266-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | ecca8993047150870094c763386eb4e0 |
| SHA1 | e77376a1868359b6270fe9924477d645bd5d7d1d |
| SHA256 | bc2822a5efb199dcc655254b162e8e690280697a639ba9b6901133798470dafc |
| SHA512 | 28eee493fd526ef4227665583b28d600954d71babf027c2aa6bc8d72684d4ebe8b84436dd75a7fe29b6d17c8fd91f27a08e4d9deb53e8460a518bd7c09ca297c |
memory/5012-7277-0x00007FFFF4F30000-0x00007FFFF4F31000-memory.dmp
memory/5012-7279-0x00007FFFF6A30000-0x00007FFFF6A31000-memory.dmp
memory/2328-7303-0x0000018F1B530000-0x0000018F1B560000-memory.dmp
memory/2600-7304-0x000002CC5D0D0000-0x000002CC5D100000-memory.dmp
memory/2872-7317-0x00000287E3740000-0x00000287E3770000-memory.dmp
memory/4264-7322-0x000001ACC35E0000-0x000001ACC3610000-memory.dmp
memory/2484-7345-0x00000282E0D10000-0x00000282E0D40000-memory.dmp
memory/1368-7368-0x000001F00C2D0000-0x000001F00C300000-memory.dmp
memory/4492-7370-0x000002C65F220000-0x000002C65F250000-memory.dmp
memory/3796-7372-0x0000014A88410000-0x0000014A88440000-memory.dmp
memory/4100-7373-0x000001B261C10000-0x000001B261C40000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2a589cc59457b1eb1d5b87c2a80193ed |
| SHA1 | 0b24c555fd41a0765e3decd2e55dc715917ac669 |
| SHA256 | 52c91bedb3318c7e4cb67ec5f0b77f9a301cf3517c60587b009ba919db1fc0ed |
| SHA512 | fbc3562267e3a4a4ef575108ab15793baa46eab3d250215cca78b48e58b2fd351ebc3a0b98d776d491c8c4f03aa076cd614395fc0783dc47c22318a150dfcb30 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f03fa8bf5770028e10363a703d00cca5 |
| SHA1 | b80a8aaa287717086162e02208541e7b162d6a0f |
| SHA256 | e9c70086986da7eab05604a190266220fa83d04060646bf3410cdf8bd4fff6fc |
| SHA512 | 00327d885b229c5f603411ab07c892a04a0fbce38c85224723c6f7c8fa88a0f51b44d08f5596d6dd3da823d2eac7a3b46a6c9a0ad3ca735509bf01ea5be44d3b |
memory/5012-7393-0x000002B04B760000-0x000002B04B790000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5cb7e3ffe3cc6a5d574a9e90518f9e45 |
| SHA1 | 847c42b298e7272b3d5de576a49b0d7c5731a3cd |
| SHA256 | e069d406a63803357750c08b761efd843a828c8b69ab1dfd1ef2bdff745dd85a |
| SHA512 | d8401e2c26774a16339a802722cdfcbc69e08575e8e876b23247798e90d8cc642c848ac5e3a4b2eb3c28431862973138d1a404194bf199c00ce1ac4689afb8ba |
memory/4584-7405-0x000000001E870000-0x000000001E98E000-memory.dmp
memory/4584-7456-0x000000001B6F0000-0x000000001B712000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 7b081fe44d7ebbb674403c556c89a463 |
| SHA1 | b1b248ebdc5bfe30f072d65f0dcb536db161a177 |
| SHA256 | 3982054ec4fcac331cb28d852bec81cfbeb5c290ddf7f2de5873da89d5df6df7 |
| SHA512 | 0c970b92b00bc9e4f29bc9b54a82ae1cbd30405e45e27f589a6f28c679344f2a5e22e513946b459eb7b7a36b2bf041afb3f93a32d77e73d1c74eee86b2cb4bd0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 978f7d6cf973b42c723a0a6344265a26 |
| SHA1 | b943a43ca7be1d60109f7c4908e4bfb00a89dca8 |
| SHA256 | beb7ef7d61fe41c4944458da73eb269a23b25934a73482d2fc78dfb24938b8b7 |
| SHA512 | 387af9185be9a3664f6ff47a22aa50364eb27bd4411a3d7962b9c67ff0d3188c0838d20a0e4a83cb367279b6d0a082826b2fd6de062f19ca90372696ad9179df |
memory/4584-7490-0x000000001B6A0000-0x000000001B6AA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e4387300eab8758d5fcb6bf9b094115d |
| SHA1 | bc4355e4d4e376448bbb056cb4d93a89967c019f |
| SHA256 | c6449858b08589083f033016b5e298aac68b456256945bdc04510b2946f1fa72 |
| SHA512 | e5e0780812c2040cb1e60a67c41cdcadc91cc79a20ec2d91c5652dc3344f72975399ed2c6821ce5cbccc86f45aa1452c2dca539a89e82e57e6407bec5f54ec36 |
memory/4584-7512-0x000000001B6C0000-0x000000001B6CA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a1626e3913d21712a1ecaf481a3ff3fa |
| SHA1 | 8299e30dd67846d522b2099850f21cca708cfe8c |
| SHA256 | 3e91c1b4d7ed44b361b5203ac5af1af1a27252d64c8690fff6ba62c07790d65f |
| SHA512 | 1114cd34a29d92cf53e9b0a04dcc7d95814a04852aa14986fe535811ee924f9674bd74dfad1679adfc4a157aacbe788b8c06d3ca8e51f7c7c9f842418dcd8386 |
memory/388-7553-0x00000285022C0000-0x00000285022C1000-memory.dmp
memory/388-7552-0x00000285022C0000-0x00000285022C1000-memory.dmp
memory/388-7551-0x00000285022C0000-0x00000285022C1000-memory.dmp
memory/388-7558-0x00000285022C0000-0x00000285022C1000-memory.dmp
memory/388-7560-0x00000285022C0000-0x00000285022C1000-memory.dmp
memory/388-7563-0x00000285022C0000-0x00000285022C1000-memory.dmp
memory/388-7562-0x00000285022C0000-0x00000285022C1000-memory.dmp
memory/388-7561-0x00000285022C0000-0x00000285022C1000-memory.dmp
memory/388-7557-0x00000285022C0000-0x00000285022C1000-memory.dmp
memory/388-7559-0x00000285022C0000-0x00000285022C1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4a6e24d25a2057ff4e9bb4a5a4d30da2 |
| SHA1 | 571ab8ea87ef7594fabf57acf46a2727880b1dd1 |
| SHA256 | 68476c054f4733e91d39f40fd21403c1849edba009a323d264918b95465de65f |
| SHA512 | 76b387b285b42cd8ecfc1990b2e48d1a062bc2378393ecf588df39dc9e7609afe94e4bad15b529a528468f01bc0e9b015ae4678758ba15be03910bb31c730207 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9150e4ba67651d8b5b353bf38e5cb586 |
| SHA1 | 7128fa438903666ffb335c1392e78e4d14480b17 |
| SHA256 | bf33834b48b42e0200f041d60f7c4f7814369f3d9537a27c4c195dfc23f12cfd |
| SHA512 | 45d783b31e2ed30416342abc141f86f8a5635f3e3828b21ba10f343a663a26e7b8e36c5c0cb140d81c77874911b1718e02be4cc3b63d4173970b1c894633329b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cbbba88cd245c4856cba13845884e123 |
| SHA1 | 3f57a2d40f55300d42d8b2e72a58ffd08e452702 |
| SHA256 | 3eab09bcf6d41cd421e49f9ee7832d5b3d9c5ba47e6da2a1a7e00c554c438dfa |
| SHA512 | 8f660cf6429b27882ec83ab9f6aba690dfa976b4561de68cc9a278cd42deb1dabd724a91fb367ecc18c32246414539cd3039594a6a7f3d10410a942309b3e90d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1752028c5b83a3e0822563946a1c1139 |
| SHA1 | a0266d6a265ae7d144c818446e3e507ee21ff74b |
| SHA256 | 28e0f2607cc0dae4e990d57b2d74903a2d8c475f3674d0f42446cc8b42a17061 |
| SHA512 | 60baa470a53082cea931f324769004a0ffa4cc1552dbbe5acf8d3123e89d4e6b311c2bc761debef982e3881bec6cb4783876a47c7b009d83c49e18fbcbd566e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | c803b64c0e9adca260da33eb04180248 |
| SHA1 | ad99d8ace79e1dfb3f0167ef15f4b2a679a9eb3f |
| SHA256 | b36410721b9fd4a19414c123aaefb7027b44d0c666c39418a8deeff2a547a1bf |
| SHA512 | 344ce23e8ddd5412f3e7a562e1d128ae9f1226b6cb0854c185f147804305fd5a83acf5dcd35f3bbcdb7a8c8c62300d2ae35fd6e1151ddb446e06271e726a7463 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 32172ea9e5ffebcca36dc7dafd06220e |
| SHA1 | 7ae74656e98fca58f118d5929e1356f30f990b80 |
| SHA256 | 46f99236f20913f35b36d6b0f3e6dcb1c5c1edaa15551348c24c36aaeab75d2d |
| SHA512 | 2186ae658fbe78df2b72dea05987482b8a7dc77ddf9e5f5af4cc6a31ea94f262c8c39bb03c2e42e7c9f7437ed7d17a11c6f56b4201e0a13a0a2396276f640b58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 7868b10ca9b99328c452cc7686c79d8b |
| SHA1 | a8ed9366d4bbcbebafb9a1969dcbc9439aacaa7b |
| SHA256 | bd0779e3f29ff909ea7bd6f9ab7e76b07412db0f8b712b3f42029ed2bda04854 |
| SHA512 | ecd29456d5d72b9f0484521849148cb57c40a960541c3854743b8ae0a89263f5ed1db81b2263f0fe80cb1dcd3c3cd4d27b7c3087330e679c5a4ec66b13c9e217 |
C:\Users\Admin\AppData\Local\Temp\eewdgc.exe
| MD5 | 37f62efcc36a75173c046c865e2f0e98 |
| SHA1 | 4a28ea3b45fe70097613b99c68cb6e2d2cefd4f7 |
| SHA256 | a20cc260e46af4a5159456762fefa7ac2bddc3384ef1f18d5c3f7d75d6d1a7d6 |
| SHA512 | c3d873da37ae75e6734825fbb94636b0899591c6e55641d7a74e4f8db6bcfc133b61ee54c94f55a0bfbd079b38039d5ac3402e27b2c90ff041c6a74e1be3c304 |
C:\Windows\directx.sys
| MD5 | 8a2a087adca5e7afd101c01027c8f6cd |
| SHA1 | e3ac852b5b3aff263d2c1b1170327ff0aafafef8 |
| SHA256 | 11e96f7c09846e23afc15818cf823f69629dc4efa7fb03c8098f1f71c63ad985 |
| SHA512 | cdca3807ecf8e7a7ff19128074ac0d71687b003e3364f5846d6d2bafa650346024a6a8986054647a1a8a08d1ef79e42893183f5cce10368aaa5501b1d4266831 |