Malware Analysis Report

2024-11-16 13:38

Sample ID 240530-b2lytsah34
Target XClient.exe
SHA256 e03842270991c28c9dc59f1a3fd4bba0883fc03d51fd8e64e02c47a324ea6db9
Tags xworm persistence rat trojan
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e03842270991c28c9dc59f1a3fd4bba0883fc03d51fd8e64e02c47a324ea6db9

Threat Level: Known bad

The file XClient.exe was found to be: Known bad.

Malicious Activity Summary

xworm persistence rat trojan

Contains code to disable Windows Defender

Xworm family

Detect Xworm Payload

Xworm

Drops startup file

Adds Run key to start application

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-30 01:38

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm family

xworm

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 01:38

Reported

2024-05-30 01:43

Platform

win10v2004-20240508-en

Max time kernel

299s

Max time network

304s

Command Line

"C:\Users\Admin\AppData\Local\Temp\XClient.exe"

Signatures

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm

trojan rat xworm

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.lnk C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.lnk C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\discord = "C:\\Users\\Admin\\AppData\\Roaming\\discord.exe" C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133615067447296947" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2428 wrote to memory of 1648 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1648 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 4260 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 4260 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2428 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\XClient.exe

"C:\Users\Admin\AppData\Local\Temp\XClient.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f291ab58,0x7ff9f291ab68,0x7ff9f291ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4292 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4448 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3600 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3968 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5060 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff75246ae48,0x7ff75246ae58,0x7ff75246ae68

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4804 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://exmple.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9eec346f8,0x7ff9eec34708,0x7ff9eec34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,16845732127887141854,3989599558953542774,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,16845732127887141854,3989599558953542774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,16845732127887141854,3989599558953542774,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16845732127887141854,3989599558953542774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16845732127887141854,3989599558953542774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3160 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4348 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3424 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5076 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5372 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5516 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2808 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x394 0x340

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4520 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4736 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 tel-form.gl.at.ply.gg udp
US 147.185.221.20:2421 tel-form.gl.at.ply.gg tcp
US 8.8.8.8:53 20.221.185.147.in-addr.arpa udp
US 147.185.221.20:2421 tel-form.gl.at.ply.gg tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 exmple.com udp
US 67.210.233.131:80 exmple.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.233.210.67.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 exmple.com udp
US 67.210.233.131:80 exmple.com tcp
US 67.210.233.131:80 exmple.com tcp
US 8.8.8.8:53 www.statcounter.com udp
US 8.8.8.8:53 www.laundrycaresymbols.com udp
US 8.8.8.8:53 www.91cheesecakerecipes.com udp
US 8.8.8.8:53 www.exmple.com udp
US 104.20.94.138:80 www.statcounter.com tcp
US 8.8.8.8:53 www.milesgallon.com udp
US 8.8.8.8:53 c.statcounter.com udp
US 104.20.94.138:443 c.statcounter.com tcp
US 8.8.8.8:53 www.mustettatulostimeen.com udp
US 8.8.8.8:53 138.94.20.104.in-addr.arpa udp
US 8.8.8.8:53 www.secretsearchenginelabs.com udp
US 8.8.8.8:53 www.simonbyholm.com udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
GB 142.250.179.238:443 play.google.com udp
US 147.185.221.20:2421 tel-form.gl.at.ply.gg tcp
US 147.185.221.20:2421 tel-form.gl.at.ply.gg tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 88.65.42.20.in-addr.arpa udp
US 147.185.221.20:2421 tel-form.gl.at.ply.gg tcp
US 8.8.8.8:53 id.google.com udp
GB 216.58.204.67:443 id.google.com tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn2.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn2.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
GB 216.58.204.67:443 id.google.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com udp
US 147.185.221.20:2421 tel-form.gl.at.ply.gg tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 lens.google.com udp
GB 172.217.169.14:443 lens.google.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.238:443 consent.google.com tcp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 172.217.169.14:443 lens.google.com udp
GB 142.250.187.238:443 consent.google.com udp
GB 142.250.187.206:443 encrypted-tbn2.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 pbs.twimg.com udp
NL 192.229.233.50:443 pbs.twimg.com tcp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 ogs.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:443 google.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com udp

Files

memory/4004-0-0x0000000000E50000-0x0000000000E68000-memory.dmp

memory/4004-1-0x00007FF9F8B43000-0x00007FF9F8B45000-memory.dmp

memory/4004-6-0x00007FF9F8B40000-0x00007FF9F9601000-memory.dmp

C:\Users\Admin\Desktop\JoinSplit.mhtml

MD5 36b4e27e87683467d829fc7f367e507d
SHA1 0af921d0afee3c0c9a95f8e29a7ba26b518038d2
SHA256 f1682ab0dbd11d8c1d468f77f1f5673cd89ded75055adfdc66ce396ab509485e
SHA512 2be0e82ed87eccd5cb58057ed6cf2566abb816438533cdc07bed3e8492886748c51db720359563f589677abe751296d3642f02d59dc1490c2e191fe9be5fac57

C:\Users\Admin\Desktop\OptimizeRegister.au3

MD5 9708f2f06f0dba5ad9f2f83cc8d91574
SHA1 e11ef3013148097ef600dbd2ae0b1529bf109f9a
SHA256 03d30663bf6a0b2c5e80a8103275b38277c36f92c5e622a23e738a3f4006f5f8
SHA512 ab97333e39e9964ab9229278a6925c2f5e0f07c770a796c3ee93d654a67250d8214852dfd124d785d46320dd48eadd509e11b66e4fd4e2ff25172395d649d67c

C:\Users\Admin\Desktop\Microsoft Edge.lnk

MD5 6457f1c557069026111b2bb46d936271
SHA1 f191805065766f814c90e43b563e0e06e86916c0
SHA256 34ec3210bd6992f95932016636d3d0a71036c976cf55b44b2a4d6fcc994b9267
SHA512 b083a8f84ebd2bee4f55eed1f5bea8ed7c0eb325a18351b25d4d0453b2a7bf0fabd0a123dd8de009a55707fdbd262aa63282ee07ba6f4b9334931049d5e1bf0d

C:\Users\Admin\Desktop\WaitReceive.rar

MD5 6bf3888c22aadd942cacc4c2471f80bb
SHA1 17b6bcc5022d67a6ae83dcbc6106413d614a2c91
SHA256 4a8d2254e4578751b7b0acf24e0b590dbb4dc3ea84b713e8253673fd7826493d
SHA512 60c8aaa47a8a6e0508991d2c04ef26878157863a8de0c99e932dd2862c4c99c70c5a9dd17c528518157216bccce8b1a537e7177a7526c133e3092a5651818777

C:\Users\Admin\Desktop\SendClear.mht

MD5 f3c2ee43e10734df52ddcebf1465cbee
SHA1 3211fb7633030345c530ea1c6e03086a9e1ac2a4
SHA256 9e0239f672ee7d45dae47498065d2a083ee75f0a2b77ed5c16ab72cfa89bb268
SHA512 fd75eca634ba7e5be47c789949df00ea136e34fb5501e761e54cd026970023eeb9524263b0763158ffedf1952f0007c402714b01b4238357f2b5942fb9905003

C:\Users\Admin\Desktop\ResetPing.cab

MD5 156d89f84165df25ce0184d53982080c
SHA1 2e830b3f0c83d47e20429f9bf8c1cc1eb166cfb4
SHA256 3bae45170e76b0057c3f0a500f252fada6f0011f4d2371d50b07e37b8509e912
SHA512 36ceaa5ea022b968273b6718f94e2959be0c48a2dd2c770f4877aca41797561210f3a9cdd037dad4ba5422d129e038cf6ec1cd33358722e942dc64665e35960d

C:\Users\Admin\Desktop\ConvertFromRename.ppt

MD5 e536452397b041f7104e4e4891a99bb0
SHA1 dba7bafa4132d68236d49fee4cf1fa7fecd95fb6
SHA256 557c968b008112fea1fd9a4d3c00b5c28cf72872d29acb642972c81969dbb828
SHA512 ef0dddde969c3da6e7f89b3c28279281f64072c5004d070294da3c6afbc0fbb25cee7ad7bd4fbcd2b2e4b7af66fbed9121f29e7f2eebe2ac74080583b4187a5b

C:\Users\Admin\Desktop\CheckpointSubmit.mpeg

MD5 77c7717a714698447449d8f36d75c691
SHA1 f587a8eadabe0162160c035ac2d92c4a89490646
SHA256 d3c134c68eb98200ebe7db2bcfaefe7d8f683a3fe7dad1e96d6f0e26b1d91ab4
SHA512 c150d9232dfbb1e2fefa60a5d8bd6680e4972fb867e21919996a338ff3e597a2f482fbb468224fb8bd1670900717eb59968f0a6ea1f7e79e679457721a1a79bc

C:\Users\Admin\Desktop\BackupClear.vstx

MD5 77f402677298a365de0a2a784ea053bc
SHA1 f27f81b149e1e1cef89e9ed729f1458b279cf26a
SHA256 f73f78991ecad408f5829960bb06e34fe752694bd10bd2c47f5e735945bb9c5f
SHA512 9eb85f17820df5e0299e8fc5d72a6421a479b06f8caa91e126882e45b2525a876e2b8af4e50f563ed8875bf43c7ca43b72c0ee52bb998f481ab26a0f6d140406

C:\Users\Public\Desktop\Firefox.lnk

MD5 baac45a88c46f44ec092d4aa0ef92436
SHA1 0662390a1458f2b79ef5436c6f8521ace42ab936
SHA256 d527e66804325d1e80a63d503102a1ba3325dc76524d3f97710cb7dfcefbb8c2
SHA512 28d1badf47c986a5fc58f85b4b68fbd9bb7aafe31bdbb4b3e027275e8de9f8606b0c233823c7d0f9f4426a91a72ff79b1b7dff2b350a123b4cea7e515dd212a6

C:\Users\Public\Desktop\VLC media player.lnk

MD5 10c11d4d9404b7013a859543715137ce
SHA1 01b1fdf41a86f91a237f3490cbbe4c10936a0d7c
SHA256 8d136d5424d196a57507fe1a0899cd2d6b3ec758a86bad34a1cf9c45a436153d
SHA512 a2056faa5a7cda1673948f95c36002e7b217e124f16f1745e491c845057188599f7047220a20ac3bab480600bb830b67831d5ad471861f3dc72ae7dc0fe8cc30

C:\Users\Public\Desktop\Acrobat Reader DC.lnk

MD5 45b344f6e87f77f19431c1cd63294bb3
SHA1 5ce5b76bdbd7b1d0ea361c330e1c69078afcd385
SHA256 909a9f81c890ea0aae20fc98e8e2574b6332a3cf72bf692c54879836e052a134
SHA512 5f39a058da4bd0152ee4f60809d524738a0ad1afa1be41ccbe225d5c99ef69496a8d5ca6b11cce7c739ebeae7d5ca00e2676ccf903e6e96a0a7fd9759fb40ff3

C:\Users\Admin\Desktop\ConvertProtect.mp4v

MD5 e383706571930aba975a980b3e4b4668
SHA1 3c260486125191a6e14165e77ad8834b6059eccc
SHA256 f309b457889553c4ea5be3a7685a18d6f916fbce804927bcba39cddcc339de5f
SHA512 198ba251904d3bde2e32064b02bd1f8ae54c4af30cbc698403ec16667f044f2bf4fe669708228e3909e6153fbeb7edef030d57cbaef7482c9a38eff8767fb076

C:\Users\Admin\Desktop\LockInitialize.wmv

MD5 d1c77ffce17ff7b1fae4126d51e4015e
SHA1 8fd1ac950f5da29607ff5c21318dc057e72df5af
SHA256 e6db68cd004b0fa440c6be87b8deb36acb49e5bf6868ecef80acb58afd837915
SHA512 927e17dcd6f3a7347dbf4d66b00131956e2c9ade70deedaf6332a3fb4cdd6a475d4ae9fa8cb25c0b8fdd1975b1a9bd127297beb8e49fc21035ed535f155fa813

C:\Users\Admin\Desktop\GroupSync.clr

MD5 4f2f2c0ed99c9386674e9a097a0a0620
SHA1 cbd87b9173d3df8daa5ed8252cc81bf00ebe5fc0
SHA256 82dba0270bf129627f1769399de46cf72bfbcdf79f82ca9c7f7db959f2dbeeb6
SHA512 4ef07e5a154171a841f48943bebd253ade86100c3ac7f95d23ed0c2554963a46d75db99760d6cefc879ca682f534c4141927486318e270178aa101b72e6874dc

C:\Users\Admin\Desktop\RemoveConfirm.mpg

MD5 0ed44cc54e6327f37b02a026d1666d7b
SHA1 3cb4de30f47f79383138848e84a6b03eee301009
SHA256 7ce2e6ede21bce19c4bcb26bd7cb7453829effba9b29f350d9ff6b12b77dfb72
SHA512 661018cc33c14a250454ed0d4cb9797ce8a2d9b9f5705a0085a883d8fb52264a76142aa93d72f7df312ffa25b17995a92bd916c708caacab92952a837466e51e

C:\Users\Admin\Desktop\EnterRead.inf

MD5 450b4481c74ed5319a8ba6f43e0a005c
SHA1 80a7fa1ba772233d8f4e669d52922b195a5bc8c5
SHA256 98fb40bc5efced5109170ec395239fb652065da59b5ffb3a77fa585d3b0eecc7
SHA512 b26dfc00f130c624317d66562643f5aa944e3f7fdbafdc02b60b4f6218982ad744807dd5016d9712a55dacc8672acb8c03ff642543486be15c2254dbee388973

C:\Users\Admin\Desktop\EditConvertFrom.ocx

MD5 d11fcc58171267305a248c3339781e34
SHA1 ed179bfc720c4c1394ddb913a01b9860b71758d3
SHA256 bfc41bdd9f119b70741593db2e1ecda4a6a2fbbbf5c96eca3abc192021ba076c
SHA512 7accde220deaeb1f737e1e1df4b963d2bc43c5d5ef6a96233981624eb10837a2a523055701734da0b6c72e5c9e243bbade32d373fe4446527a636cf2cf161bf8

C:\Users\Admin\Desktop\DisconnectSuspend.xlsx

MD5 a8adda99b26085a9d033d17adf270bfb
SHA1 1a3827de7a92c402ca28806fec735d0925382138
SHA256 65c625d11d9b9a68e0329212ebc09b1971293799820949dfcc36b9c1a88ccdee
SHA512 64ed64b75a65360532aa6e13baa71c6d46cc3f6121da16c5e1a572debfcb4637c62649106747639ed40a626fa7c021abe5b84a217e08053406ce6f63862dc660

memory/4004-21-0x000000001BB70000-0x000000001BB7C000-memory.dmp

C:\Users\Admin\Desktop\DebugRedo.jpeg

MD5 f19af155e36aebe30ca596f68abb1796
SHA1 2bd8e5f6d34279a6d1e651a8bb05daa16f7c7352
SHA256 9093e3373c322a49ea93529a6b0843bca85da0c79bcbe268e3d160f1c3376ba0
SHA512 d2efe3b1ba5639ae80396435c73013751f0bf943fd2072dc064414dc6618399e5945e7d883bf2c9e952ac9fb8d81e58783fb1e5b5b4cea7c9bc84951c1e1ef7a

C:\Users\Admin\Desktop\RestoreSearch.3gp2

MD5 8cac4a9928884d0725535789514f6c51
SHA1 9dabdd6c6941733b443af5a5cdd5558da36e722b
SHA256 c67294c89c9692921f8ee5edf6453e5073966f669543bdad126bf28fa13fac32
SHA512 0e6d7ca6f933078bbe63f271a8ae8d325afb040a38c0402f5fa0f5eb0d7ebcdea5a9713e98c0b2aaf4185044d17d07db7e70d8195e2fe59ca996c07a727615b0

C:\Users\Admin\Desktop\ResetAssert.xht

MD5 4aaff065503c8012b871546fde649aa0
SHA1 d301647829af07fc1edb44187fe5c2e0d3b6a445
SHA256 a0bf0f3fc9b26bcb81fb92f89479a075adf93fe4004c5591037a8e1cedcbee70
SHA512 5fea0a5c24ca61c526821feb0e43d501ba88f131efda5e8d09c39ac54df5cf71da4f62069115aa60b68be8cfb2b81a292e9f10bebb958536e6dd4311f9a6d2c6

C:\Users\Admin\Desktop\SetFind.mp3

MD5 edddb66b2a54c16ca769a64b9eacdfe6
SHA1 a6b33e03d5f05b9e191c7ff45e7c3151b40afb4c
SHA256 ca91705128fe4ea56f76c23af178489e9a8046aaac76e4be23c2ed34d73388c2
SHA512 b3c9b04937c4486860bf0de20589f88884cddebbe2e4801931da1fdb6611bde73ce2773d8ed550f6251cb9e1dc3e9c5f02f5c7a00797f7a33b0866378c71ac69

C:\Users\Admin\Desktop\SkipRevoke.xsl

MD5 f179589bd7ef0f318626bcb129915c5e
SHA1 7f50fb8dd6e6beda767506a9ca03a4d38faf46d3
SHA256 fef5a8a57b9e4166722afa6bdb08d4a3acd9b98bb65b8b56a154da6785de4220
SHA512 631be8e2f070222ee12442a38b9335fd708889dfa797e316969a3a5372fe9163764a5b808e281c91784e6e36fc29fa250f53756bea405f6b236c0e4428d63edc

C:\Users\Admin\Desktop\SendCopy.ogg

MD5 7fe8a674c75e28c19094930fc2d08ce0
SHA1 2de956d0a8c2e404917e4063e0d0bd59af242f86
SHA256 f4d8e070cae6252b7d496068ab2a49b52cad512ec426073ee542dfa3671b3257
SHA512 51d5d030c1d61312cf83d8700d7d678f6a4d6faa26a79689c276ca39ae8b07933b6259327cda386bc0d1b4e103c0d185db336dc32533938d75f583346afbdebc

C:\Users\Admin\Desktop\UnlockRequest.wmf

MD5 d82e57a97678a5d9e12b48eab30944af
SHA1 1236e460a96947619dd5e5e1095dc169baa140a3
SHA256 c443ab36d5064b2eafb2a4cf534bece4a0d8c8caa71bfbdc77fdd73dcd7cb4e6
SHA512 48ad5aac91445d547e9cde278b264e27a04613e7e8b39626bcef115c8700b4ed7a3a5ac86380e3d61d38237e078c3ac6e9e145a47d579b6eca8b8b8876fd99dd

C:\Users\Admin\Desktop\UnprotectLock.TS

MD5 2c19b85783c03d24937c72fe05d4ee72
SHA1 856941d188bbbf643d7f30e6bc46127dc160acab
SHA256 045250bd62032256236042f01fc2eb3daeb67a97e196ce926c6a154465b8b07c
SHA512 445cb5d256d1b56c8ca1ea473974e31f675b07935ddc3e635e5ec3f764eb470ce2de92dea92b3c0aac18517ae516404329296860b24d0217c03a335de22d8c3b

C:\Users\Admin\Desktop\UnpublishOptimize.DVR

MD5 9dc9689f799a0e588eaf7cdd025df9eb
SHA1 9d184f52624ed2048fc14ff05c57596bfc42ea78
SHA256 d7cb68607dff4b665984928eda1e044709472b72d31b519a794f5c836b828c84
SHA512 dc9545bb38067d569d59efd2629245b4d9321a3c4b7456d4285a375604142034dcae27c1d43b514ad3cda7438b936c8516d417d61cc4fa596f250924a0fc626b

C:\Users\Admin\Desktop\WatchClose.vstm

MD5 bf5edaede3d6bff69499c686a40ade49
SHA1 5394898ef6d9f02bcca0428b637669cb4bdda350
SHA256 153b216ee95c5b5e97dc171da476dcec4be193a4c5327ecd896b75e3ebc9070b
SHA512 6e38add27f7c33b78d78d28bd506f0df2dd77365646744ddbfd2a8d3345d917e7d4209fbd01e034fb2c4693ac4430d3a4107e8503fade23d6cb02b9dcf829386

C:\Users\Admin\Desktop\AssertDisable.ADT

MD5 e4a9d08d292a214cc89bc380d7ee18bc
SHA1 63d82e7dbc4e85210b0c50181e3a28eb7f5694de
SHA256 49b28eab3d82e0924e76995cb8e5875d745e11b73548b1d1c44a6a2be7a5e1cc
SHA512 b4246b55c4a13212bdc3112a87ba8c178090795b124d8e4f3eae42e35eb8660fd94a90c391d40acadc006f1ae7265fe0aacb2785bda954272358261f75d40b08

C:\Users\Admin\Desktop\DisconnectRestart.odt

MD5 3d7346ceaf55b37e55f95d72f7a89902
SHA1 63634cdda8c04102783e800dc7496c908bc883d7
SHA256 461247335f766ac8455b7448544bf5d138e6327c44df44db34716ac1efc24046
SHA512 02c39c37484031d91a3e84aad8c82107fdd3112dc9cce3b2070f3713003de30915b7329ae150f373343fe28fc29da5e2666218f5e91ceffadf830505b647d131

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0ae8a2070de1c1ab26d40aea0bf4f293
SHA1 b3f489ad6eda6759e9b1e85fe6e1394e906a2a16
SHA256 c1fabf845bc44983b0679d777323b60de2dc3405d6c1824fafefa75bc6f06c6e
SHA512 b98c9c36c8ce102292e9fbfb7369a1ffca58464c5bec18f5c0e31f8346a48610a73b843d871e3dd73ec2c1ea6bca527732a766c11b442c4a286d2dc98742c1cc

\??\pipe\crashpad_2428_FBKJXTINHTFNQNOF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/4004-88-0x00007FF9F8B43000-0x00007FF9F8B45000-memory.dmp

memory/4004-108-0x00007FF9F8B40000-0x00007FF9F9601000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7be79c90ee2c75376c0c8dcc97d760b3
SHA1 bbffe0d544b7aefdfb271b68cb5ec782b9899409
SHA256 39cfcee9e7686d32687d14af29abd5f8bffab8cc47b1fb4762a0af065f7e9965
SHA512 d04514256df8d1019a561372821945ed0ac6e32224b624fe7aa0534502070172c37edeaaf07be8f2ee1e8f8bd18b7bc8878ec5da4aef2864469d8848b8847ba8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7193f7351eaef70344510d8e77c8a42f
SHA1 83a3923ebb104924ac0580593c4bd5d193935fd3
SHA256 3ba1fdc3aae51f5033037ff72589b22d038edc5b9cf6830bf1f7a8d26d8b09f9
SHA512 8e0232855d75014ff84539dee766eddd4a1ff4cff3a011347bc4f95909a9871f4a2ea5aa0fb8ac973beed134df3dc14842eaefc61a6b3e1aff6074aae751aee9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 f998b8f6765b4c57936ada0bb2eb4a5a
SHA1 13fb29dc0968838653b8414a125c124023c001df
SHA256 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef
SHA512 d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 10a5b508f0dba183f09dc74879aa685a
SHA1 fc833b6fa0d181d74f830c3d64df7d8a12432db5
SHA256 1b0104226f65071032d4f9f3bd60a3da6ebd58f31801c38f607299955f383f5e
SHA512 be0ea49b03a6ec26168671c68c3a08c142442fd256f176b73261be96b7bbe59ce43157d84f90c1e0f57908dbd316ee17a3c606fd0f89035e0d58a05cf207e31b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ef3736113a9b4101d174cf26189a55ad
SHA1 90fc239ae5f9aaad7b65da3108114b0279baffa5
SHA256 dbda70f4e561b85a92f2fc75cc337d971a120b744cf3617d11c002d088a10628
SHA512 d27205b5a5fcf4fe85d6451b66ea14aaccc6ca64b0c7a380105b0fb69fee543c6d2b63c65957251c24a6528c838105d6e961e551b1b5ddf46be17045bc0dd434

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 d37fcc32da69eeae482482bdfbf148a9
SHA1 12e26a7a1c3599d8cb859a8564f34d2c87da9ad7
SHA256 59e0a40438a6be25ac94f90ea19f1385754d5e53da77cc2eb858479cabe08b02
SHA512 4a51add5a0f82400a2d0f101a66b78d2326746ac19a720e85b6fee8d7b1c49c21f172ebdf42dec0fd3c606a67d84892be55e7cea124bd2017ca0bdc420037852

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9a7ff2ee976a6782009b32718169b711
SHA1 d5a25881a5932d3826d2aff1acb7b975e5657dd3
SHA256 8613ae7562f6d0bfe436692b629382773557a451673a6fa61649e510c65dba4c
SHA512 0ee2a19bc30e4ce5d134a5029ce91c45d6aa179e2d0ed1856b247032c3a20b3896292e13b542a77e410bcb350300978cd29bbc27768ccbe0af288f6a5b2ae6ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 57dffb88b5ce62d3e7f2a25cfdc893ce
SHA1 31aa64f05a504c19f2bff1fd3a9dc7b891ec6143
SHA256 a129385d51291293d036fe08ee20ddaaa313d964e7a6a7a8c4fbddc742f3a86e
SHA512 658b6fa8be0640066653da84c75a05a5c0d1acdc7d1ff74dc20dbb6f8f86c1d26f6f6fc438f56e693c5830ebc4f5f794f22baf210cf74aff66508272bf733e16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 459362ca298171139ddf0aad7f017c5c
SHA1 6bf932bef81ecab6f0b8795d9367a8030ef01db1
SHA256 ff7d8946fb3c8fbe1b892f8b2e51f6a241306514cd4d6d6c4f9bf9c7698e6f4f
SHA512 0dbcb201937e26a540317abd3dfb97eeade9f7e432d101862cd99881b6e191dfc893346269bd1e0e3e66332eed7bfd72231dc5a84ba0e1f1213c655e585b2485

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 efa3b79297b792ddfa72609e2389407a
SHA1 7c959b0d9c508607119d7c112fe81939169c8ccb
SHA256 04371cb7276a5868761433e311d805f97da580075fc9bf1a66f0a9d8ac9a4017
SHA512 1f08b7ea9823ae979382586db83b05c0d0dc5cb565b3946fb8134c0dfaaf61fdf80d6c666ceca6522964ac446d2a2e798e1f0eaff3dd2ab5cae88a793db20eaf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 90e2a5383e4d0bce9510cf32d3e2d770
SHA1 cf9f26028b71219dc76e76d26ed53123be8f8e97
SHA256 8d7d8a11631d8e26753968f5739f781b7e08c382e3e29d56c03083cfc30c998d
SHA512 0506ec9f381261f5dd5452a1cfd22292e4f177cf706a17dfced629d93616cc6b22df91645c11e13c88ca7c1a6968c2870d3f5619bab7f8768535415f51af5256

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 018919495c22dc5f7a4a0a82b24e9b70
SHA1 876f60e48de7f5d06e2f9897af95e10427ecadf2
SHA256 561854c0cdb56030ce7e03dcc6d7373f84d4fa5c3b7af4854aa53f786c18025f
SHA512 7480c469b7c610e66b5e9df263f53ed7811e91337f1260cdeffa2ed85499283a31aee464d115b71de1246eeda136d2df6b9269aa30896da5b7a4f5851a41a32d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583e6b.TMP

MD5 6fbc3e20a132fe424a06fb81ae998f72
SHA1 1990aa9339a60e7af10a452cefd6b6cdb6eadd18
SHA256 82405338194a9885861e4a57f0608f5e89e73e85f55a2a08c1a73aac3fecfbd6
SHA512 87ac6428c112eb46011e472bd2e955612930b48b3600c7d9cab2dc6672e1fead59cdfc633d2c3bc493c07d684ba49028f2875226965b69e2072f263bbb7118f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 bda4b49597f92f448e6db6b7e45841d8
SHA1 f76c00d27f57a2abb67e1fb8d8dc08fccf099890
SHA256 228b0e9ca589d9485856dfe4a32a3b1fd4218d66f0913a7cfaf1be2cedf03310
SHA512 e43cbaaf6f3ea224128753a3dcd8fc54fbce852e2c045d769b82d3f20e36a7191371767fc8581b602560f56fdd100ba9ae2e059c674cf2dc21861e460aede605

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c7c66676567c1e9096a2ee89d14f9a45
SHA1 01a25f00c16a9fa227f4c247a926444c0eb63c52
SHA256 0d39c51b7b3695927d8f02b6560f7f29a5cef744c57f2f2ee2cce79846817e46
SHA512 18bb7d9fd62b51ca9736922a27894c7ccb3abb423deb1d1f4773b1a3ac6acc01eded4bc0ed9970a3a25edfa743f20ebc78eed3ac7a2c3c9422240699e6a46808

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8ce13d66c334333ae35cc1ffe293446e
SHA1 5573efec21d812039abe8496dc0b50e39c3268a2
SHA256 55d0e5258bb2c95111b6c252e1901053740527f5e17a31bc13e3fc88fdf48b64
SHA512 ed5d7cb88bcac1ac4f653e9b63f436ecc4bece9277f0148ccbe97ab4e2982710d0532393647c163fb7979e0e5e0ba6c454445eafa4c980992956127e57e2435c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dfafc0e143a508353e25ce1ebd4cd5a4
SHA1 86968d178024ce453300a00101e790f6faf83780
SHA256 492bce1c1281b69c7303fd6985d42f90f538930d994f0628325cf74e5155943c
SHA512 afe243b7550076990e8d0f73b26500dbf0de8d01fdce167ce28c8dfd1bb469a67ad25f01a4806307ffc37860ffc1639e750515e0909cbc41bf8e8069cb11cbba

memory/4004-401-0x000000001DE30000-0x000000001DEBE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fea86e262903f62e1499a52a0e190ce4
SHA1 ac7e6828950a0ab6f9dd695cc66b58cd5a6db37f
SHA256 af995d2efdd182eb7203d26f815274892fe6fd85e8dbe74750b5d00d6b158f22
SHA512 3ae3c6f40110f09181fac7180cc98cb608d1860b6bb437d3a2242de6ef9905cfcbe2a2e18d58c2f2302fe4b1c816995a645eb79949408a8f979f500a9431f273

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240530013905.pma

MD5 6d971ce11af4a6a93a4311841da1a178
SHA1 cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512 c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 80060235e009f2fa14beb81014ceb73b
SHA1 d19c2a41d58103f6df66a7cb702bebab544fb1d4
SHA256 4a06b498335580edc0f29ab26528edf8dd8ce9138cd5f5c946138320c81de297
SHA512 034db7073df8637f754e254c8ed58f414becd41ee403697e14edb38399540f58f700c2aa1c7641397aa1c01ffdfbce5ecfe40d9be6758e1474e6d17931c9296b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 aa08af5b7c7d04fad82014bae843b898
SHA1 1e6a22d35ff63b001b441588eadfd668bf00920f
SHA256 7944cb8aa24c6a0e643c90fb903b88f0e7f84cbc45baad984383e91169db7f83
SHA512 e85ef629e2b18ab17425a76f0790dd19ceb052bd243bab0f294daa9f7986531f74a33c54b56cab69f675f24a79d5ec5870fdf37c22a6396f2253de77f7284f92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 91e6b8f4ca80f7afe9b770c7de9c6897
SHA1 1cb29c6d5b396f5f79a1a545d617cb30cb83b219
SHA256 21354dbea17ca97499a6814a55e6cf0c4364803b26b96818112aaa792690a428
SHA512 0e3758ee8bdad12e5bace8f732014479dff3be763e5dc234991dedf3ecf0583f62a6f211b35b0b5dc61f700b57207d8db8f5a4889da79e36c46b6a91e9830945

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 14aa431b3a75f683cbc38c5acf025cf4
SHA1 9aa70f37357f6c96d7e731f66c3ed424bbcdb2be
SHA256 9fd2a11477652a5cada7f0f265863f4e2a769d1bcb4ae5e930da202102714240
SHA512 f49e4e896f0dc3e3a43ad2be514aa15da4033d5bce440887e4341d417fc506cc1560978f48bcad32604f765ec44108ed1ca7d1106fe1e0b5b7a6ab4f83234db9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a3b376006d45b22faa3c4a15e06fe60e
SHA1 30948b7302370be8fc32b335342955b2832c2731
SHA256 fe466604e2d0b3fa0debf3d6d115c991722b18c505201634b2d6047310a03aaf
SHA512 c9014f7840e68be44928a3f2269054455b6bc21b9675e986931d7475e851c528c06ccaae5950d70230274fa0d8623c59b0b0a00d51b26779a2a0d5dbb97428a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 4efc238d74dc4f5065f3bd0360beaf21
SHA1 64331c0f9c06f477c2065e4280097edd7f4fab2f
SHA256 226075e8cf7c14331c2c182c2e7090a689a5e5bb003e515104802e148aebae7a
SHA512 f722e1507cbc084db0e72c77211247b010d48bbaa7ae0958ae4da2ad79fc838135f66d49d95f8db2b0a1a8d7f04fd1a5ed1db102534731ec57b00a833ed5d160

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 72dc44e5e88e988b54fdddf37be9ab6e
SHA1 615d013c0c04dfa178f839539c99258037c00354
SHA256 eb650a7bfbe3ade1362b6da17e8db6085d57258b83a3867ca8e7cc6667472bcd
SHA512 cd1eaa389f324ee8cd221f4defe082b5eeaa1f1d73bacb14d3438436c2f5ca29ab9686f394aa3084a9ff78b079fa2bec925925f1b7d533497ba49714cea766a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cbb7707fc585433e2103cbeefc5b79b3
SHA1 7f03bd59e7c973dba108d6e2fae01dd3c64c7611
SHA256 d32ad5b17066cda4a7eee496f296bc4100b7765eda7d566d981aeb48379e9251
SHA512 e0f13c6e4b43c3eb80c8e1df1edaab41b860a9184b4b0d82a0156a87b2365402c9d1857ac469df610076a253cf76dc71dd61ba26b3720df883333a0d0285fda0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2c18c1232f0b4e7be90c2ebe626cba8c
SHA1 52a6697a6cd9d44d488ab60f8f38759f52455a7b
SHA256 15ba2acc8f893dfa38156b812fd25d296ab6bc7c89e61870943223f020ed974b
SHA512 5f59660acf7380692416eda4e05409fb2024af338623b159659460a6b436a31c97bf7cb534a63f5c331b3e25484e4339efcd599c69f07aa4db528ba78c5dd606

memory/4004-639-0x000000001E250000-0x000000001E5A0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8401a889226e75732d9b87df184abaeb
SHA1 66591cc410610b9019742086903ac55007a793f5
SHA256 7268d99dd1bc343858ecb4e51ccdc5b5497a5ec1263e7d6de5a5d8040d8a19a5
SHA512 9ff2250ef3f01cf414addcfb296c9b72759f0cac8aee9ebb2d72186a87462da93faeba59c43f953b5674be179b824b808d9cb6ee7d253b8a0932e5ba7514a54d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a05a35d5d2b7a74336e16bd60fca2ac6
SHA1 1d6c00fdf6a2fca224d06fe3d744ab90f7e2c47c
SHA256 b0e84962793c76987e73ec7961d0479ab76bce08ecb1e2292c522e157a84bbfd
SHA512 b62ecff11e46addd4ce3dee62953bb287ad14e8824561253652bfb9fe408f5d7787113530aab2e612984b1d70e1d06476a43b19c08dda3cf3512e96f5f7f81fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 de5cebb80b16d136f77107d9f5ebc599
SHA1 02e6fd17bf7fc0dd49f5068f2969e8dfa9b7e407
SHA256 0225ed435ea0c2aaff1a410502efc1df741f3881213daffcd6d86370e484821e
SHA512 b0e6b45d0531970c9c5120aa18d4b9bde44a9ed0dbdfbe73c95f32ab19a5cedc480e24b59dc87304b1dc1fb0a83439bd51b3f5482a807ddad0418e7d4081c631

C:\Users\Admin\Downloads\897c21d1-f506-4c31-af4c-0c2e5941a4a8.tmp

MD5 926eff7abf8f94579d34c71ed85ccc6d
SHA1 23b9b6164037d0eaf4d258a8ff09a8899da3725e
SHA256 454141d9d5fe953feb9d2620e9f428030364d29904c3116c9abef7fd5fbcca41
SHA512 926d9d6551c8cba273759e32a37de996c2c0460b8655786d6d3d7b6a76cc8bb1a17e15944f9ea62e5a1dc2aa9252989ebc8f5eb9a8cfd3265cfc39c82414191c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8486e768cb37f145a6fa79c64eba7baf
SHA1 3ca665341f656492f3a643211ae5deaeb7f673b0
SHA256 c7207c215711e715c5d17bf5598ed1afe94c26d556181787a46963087671ca16
SHA512 27431693f0c477fad88bfbc8a54821c3ba678ce50d84d1dda94776ef71391906d7592fb86ec8e2f8dd6ab4cdcdade63981ddb7619b519c76a5a21af77dfe8fdc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 68447fcfa5c8f4747bb49f14e681f0dd
SHA1 19df9cf466df27c9d324c6092931b8b746f43cfc
SHA256 6adb1191baf5fa200d1062796a2adc46d8d5be7d04498e5aaaed46a55755f1cc
SHA512 3276d874cda532f57134b515c6865b551c24fd9097d263aad046fea0d0b966302ab7824f4d48bc0d90d4d197d24aab3fb4dcc9de27758c87654907d9eda33e9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b2317f4e2417239ddce19b1fa810db27
SHA1 b38703852fa3a0d4c05aab1a0ae18ad1fb631e3d
SHA256 638a92e21cd9b0ea6a0ba31042810a514ab668bc8d3e7b4933e43e2ed483760f
SHA512 52a61dc42fe7d587441487c76a1d1ce1dd43689accfb5c849614c3a2555965cff2e0f1521e6ac616e18341aafb285d6b6959644ac6c4e9726badcc7d1383448e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 fd10d98fd2a35312747e1e68c2e69eaa
SHA1 76e612543e4ad3604395cfe74e840632828ca817
SHA256 2607b882f9e2a4f4ab5d356e7797bfa8787a56339b00a88af9ef5e519dd2411e
SHA512 93f630852ea74a524a95d231f6466567cf529c7a401f57a2b6093748dc7c3e95719727eb3d2950409a47ad77d268adf086fe02b6ee40c14cc736b45646da1627

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 cfc6a6bd8b703f485c8abe206f56f116
SHA1 351b4524817b9d83b2e90251a09e4e6258280ad7
SHA256 595131b6e9322044bde24d26c1b62d9bcbcde3e4bd3d8aa3939d157917d17fe9
SHA512 a3be243f271d662630b95e8a0a113c70ac5a216da25e2e4f6b4d12cbcac10e957b932eb3bf73a52c0945806d00dc53d01bf60de4fda2bb3e256e04eca30c916e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0e9f246702c75705934405b36c90e6a5
SHA1 8fd146bc12d02b6eddd59692f7f01918fdd3f443
SHA256 fc24584e6a54c17fbf308da3cd19803572dce4574ad5b5e8caf6c4ee5677bf1c
SHA512 69647179f006b4ebffbdd2ef693ffde1c0682c8bbf7b42bb50265059381a9665cf20856f7233dd6071523ff4b48a45c312d8a2e3aa4dce5371fb487304f47aa9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ddef47e002ce802599dfc4c96a2a92a4
SHA1 8eafae4526d21df01dc4d17395be80847b19db8a
SHA256 bd0a03b35aaddab4814640568ae5baa7a8d487416f9397e9996911b15229540d
SHA512 a701fb4959170447cd1242c2dcd0191077bc2f504f177f040e0e116d1c25b331188f5db100af703359e1905b0ac438a418c2b62470dfa80dddaee2314882ea17

memory/4004-793-0x000000001C170000-0x000000001C17E000-memory.dmp