Malware Analysis Report

2024-09-22 07:03

Sample ID 240602-wbx9dsag38
Target Client.exe
SHA256 3576a2c328055287dfcf6b61a2e5352071a56d7a2f92b0064ac19eecddcbb3ed
Tags
rat default asyncrat discovery persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3576a2c328055287dfcf6b61a2e5352071a56d7a2f92b0064ac19eecddcbb3ed

Threat Level: Known bad

The file Client.exe was found to be: Known bad.

Malicious Activity Summary

rat default asyncrat discovery persistence

AsyncRat

Async RAT payload

Asyncrat family

Modifies Installed Components in the registry

Looks up external IP address via web service

Drops desktop.ini file(s)

Checks installed software on the system

Enumerates connected drives

Suspicious use of SetThreadContext

Unsigned PE

Uses Volume Shadow Copy service COM API

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy WMI provider

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Modifies data under HKEY_USERS

Checks SCSI registry key(s)

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-02 17:45

Signatures

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Asyncrat family

asyncrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 17:45

Reported

2024-06-02 17:52

Platform

win11-20240426-en

Max time kernel

389s

Max time network

391s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Client.exe"

Signatures

AsyncRat

rat asyncrat

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Windows\explorer.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1776 set thread context of 5160 N/A C:\Users\Admin\AppData\Local\Temp\Client.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "676729485" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31110435" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618240055786960" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2551177587-3778486488-1329702901-1000\{AAF637C0-0530-41D3-8B69-F8D26346EA96} C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133586177690776358" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream = 1400000005000000010001000200000014000000494c2006020004002c0010001000ffffffff2110ffffffffffffffff424d360000000000000036000000280000001000000040000000010020000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000424d3e000000000000003e0000002800000010000000400000000100010000000000000100000000000000000000000000000000000000000000ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff0000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff000000000000000000000000000000000000000000000000010000000800000002000000040000002400000001000000000000000100000000000000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams = 140000000700000001000100050000001400000050003a005c00480066007200650066005c004e0071007a00760061005c004e006300630051006e0067006e005c005900620070006e0079005c005a00760070006500620066006200730067005c00420061007200510065007600690072005c00420061007200510065007600690072002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50100000000000000000000e8070400420061007200510065007600690072000a004100620067002000660076007400610072007100200076006100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000c41e3609ec97da0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff75ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff81ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff82ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff83ae2078e323294282c1e41cb67d5b9c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3044 wrote to memory of 2972 N/A C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE C:\Program Files\Internet Explorer\iexplore.exe
PID 3044 wrote to memory of 2972 N/A C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE C:\Program Files\Internet Explorer\iexplore.exe
PID 4652 wrote to memory of 2796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 2796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4652 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\Client.exe

"C:\Users\Admin\AppData\Local\Temp\Client.exe"

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\Desktop\SwitchWait.xml"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\SwitchWait.xml

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffaf04bab58,0x7ffaf04bab68,0x7ffaf04bab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4248 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4448 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:8

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" Default 45.88.186.12 4448 HVNC_MUTEX

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --no-sandbox --allow-no-sandbox-job --disable-accelerated-layers --disable-accelerated-plugins --disable-audio --disable-gpu --disable-d3d11 --disable-accelerated-2d-canvas --disable-deadline-scheduling --disable-ui-deadline-scheduling --aura-no-shadows --mute-audio

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\VenHide /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\VenHide --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffaf04bab58,0x7ffaf04bab68,0x7ffaf04bab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1540 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=1896 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=1984 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --first-renderer-process --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2704 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2720 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --extension-process --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3320 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --extension-process --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3328 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3472 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=3264 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=4036 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=4084 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=4296 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4332 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=4100 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=4412 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=4408 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=4500 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff63e88ae48,0x7ff63e88ae58,0x7ff63e88ae68

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff63e88ae48,0x7ff63e88ae58,0x7ff63e88ae68

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=4292 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --extension-process --enable-chrome-cart --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4744 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --enable-chrome-cart --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4580 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --enable-chrome-cart --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4492 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\VenHide" --mojo-platform-channel-handle=3516 --field-trial-handle=1904,i,4579930726394183583,17033996586093192616,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 --field-trial-handle=1804,i,7785550897413441954,2429724585814514226,131072 /prefetch:2

Network

Country Destination Domain Proto
US 45.88.186.12:5050 tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 45.88.186.12:5050 tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.187.238:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 45.88.186.12:4448 tcp
US 34.117.186.192:80 ipinfo.io tcp
GB 142.250.187.238:443 clients2.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 172.217.16.225:443 clients2.googleusercontent.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.35:443 id.google.com tcp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 128.116.119.4:443 auth.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
NL 23.63.101.153:443 images.rbxcdn.com tcp
NL 23.63.101.153:443 images.rbxcdn.com tcp
NL 23.63.101.153:443 images.rbxcdn.com tcp
NL 23.63.101.153:443 images.rbxcdn.com tcp
NL 23.63.101.153:443 images.rbxcdn.com tcp
NL 23.63.101.153:443 images.rbxcdn.com tcp
NL 23.63.101.170:443 js.rbxcdn.com tcp
NL 23.63.101.170:443 js.rbxcdn.com tcp
NL 23.63.101.170:443 js.rbxcdn.com tcp
NL 23.63.101.170:443 js.rbxcdn.com tcp
NL 23.63.101.170:443 js.rbxcdn.com tcp
NL 23.63.101.170:443 js.rbxcdn.com tcp
GB 108.138.217.67:443 static.rbxcdn.com tcp
GB 128.116.119.4:443 auth.roblox.com udp
NL 128.116.21.3:443 roblox.com tcp
US 172.64.154.86:443 roblox-api.arkoselabs.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
US 172.64.154.86:443 roblox-api.arkoselabs.com udp
BE 88.221.83.98:443 apis.rbxcdn.com tcp
NL 23.63.101.153:443 images.rbxcdn.com tcp
GB 128.116.119.4:443 auth.roblox.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com tcp
GB 128.116.119.4:443 auth.roblox.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp

Files

memory/1776-0-0x00007FFAF4ED3000-0x00007FFAF4ED5000-memory.dmp

memory/1776-1-0x0000000000100000-0x0000000000118000-memory.dmp

memory/1776-3-0x00007FFAF4ED0000-0x00007FFAF5992000-memory.dmp

memory/1776-4-0x00007FFAF4ED0000-0x00007FFAF5992000-memory.dmp

memory/1776-8-0x00007FFAF4ED0000-0x00007FFAF5992000-memory.dmp

memory/1776-9-0x00007FFAF4ED0000-0x00007FFAF5992000-memory.dmp

memory/1776-10-0x00007FFAF4ED3000-0x00007FFAF4ED5000-memory.dmp

memory/1776-11-0x00007FFAF4ED0000-0x00007FFAF5992000-memory.dmp

memory/1776-12-0x00007FFAF4ED0000-0x00007FFAF5992000-memory.dmp

memory/1776-13-0x00007FFAF4ED0000-0x00007FFAF5992000-memory.dmp

memory/1776-14-0x000000001C5D0000-0x000000001C646000-memory.dmp

memory/1776-15-0x00000000022C0000-0x00000000022D0000-memory.dmp

memory/1776-16-0x000000001B3A0000-0x000000001B3BE000-memory.dmp

memory/3044-17-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp

memory/3044-20-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp

memory/3044-21-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp

memory/3044-19-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp

memory/3044-18-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp

memory/3044-23-0x00007FFB15CE0000-0x00007FFB15EE9000-memory.dmp

memory/3044-24-0x00007FFB15CE0000-0x00007FFB15EE9000-memory.dmp

memory/3044-22-0x00007FFB15D83000-0x00007FFB15D84000-memory.dmp

memory/3044-25-0x00007FFB15CE0000-0x00007FFB15EE9000-memory.dmp

memory/3044-26-0x00007FFB15CE0000-0x00007FFB15EE9000-memory.dmp

memory/3044-27-0x00007FFB15CE0000-0x00007FFB15EE9000-memory.dmp

memory/3044-31-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp

memory/3044-30-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp

memory/3044-29-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp

memory/1776-33-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/3044-28-0x00007FFAD5D70000-0x00007FFAD5D80000-memory.dmp

memory/3044-32-0x00007FFB15CE0000-0x00007FFB15EE9000-memory.dmp

memory/1776-34-0x000000001C850000-0x000000001CA03000-memory.dmp

\??\pipe\crashpad_4652_WKDLFACRKDURBCBF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/1776-74-0x000000001C850000-0x000000001CA03000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f94b567b79dd79f05ab007ab1a85534d
SHA1 d54d07f9198c32262f414021d569908c42a464b4
SHA256 a79091747761de46a0dd7e374f735667f66a80fb613f37ff1f66e79ea259a28f
SHA512 071b0b44882f3b170541fc4ae5aa44235960c8d6a97875a9ae12fc99a84a1dfa634ef0cea2f7c881b5231de56e06b14f2e12f83e54bcbb347e66f51d92751300

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 16f02d1f0b873a245be63d08b95cf309
SHA1 d0e3f465c0d1469df05ea3a3e6513617dfc3975b
SHA256 80b997d9214151a546622209919c76b53e884987c9d5eaa5d7d40d9dbf343cfd
SHA512 0c1c20185d4186c4b1b69e71f47fe460fedf461fcd33a14563c949e6aee340ad59b28e5a3884693fa925fee433b65a9a23ca6da9848d4f37fa3e2cd34ea2870c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 065f7d0eb0c10d141d5f7f7096f09cde
SHA1 89dea4bc5025402296713681d165e819743a1c20
SHA256 3173228a2031bbf7ea1cbd2a78c8e2e813ec0cd6e5121262971f38ffed0cfeef
SHA512 bb0b9c266819cb20d4ccf7b83a52396c49b40b6bfcb5cba3a09e66f1a02b1a5ec310b893532f0e58aaf8edc485999ac3bff93b2b3c47039ed99e714f565b1322

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 e23760295fdd6ec2645277c6ef1a71ce
SHA1 c103ba6e9f3a4d1843ded42e78bbf73653f01323
SHA256 fc2f14ca6bbe32b0a2dddd025124ce44257eda2f8ab5c93b73b81d27a9b99e23
SHA512 36a7cd83ae6a8758573398053f88ed6567c3d227daa2e5fc18f35e45e8eeeffe9cda2e66f8f5ccc0e2385123b2ade4774ec35884e9aebe774875894a04a8ce50

memory/1776-99-0x000000001C590000-0x000000001C5B0000-memory.dmp

memory/5160-100-0x0000000000400000-0x0000000000410000-memory.dmp

memory/5160-101-0x0000000005520000-0x00000000055B2000-memory.dmp

memory/5160-102-0x00000000055C0000-0x000000000565C000-memory.dmp

memory/5160-103-0x0000000005E00000-0x00000000063A6000-memory.dmp

memory/1776-104-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/5160-111-0x0000000006F30000-0x0000000006F3A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Sync Data\LevelDB\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Sync Data\LevelDB\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Cache\Cache_Data\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Cache\Cache_Data\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Cache\Cache_Data\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Cache\Cache_Data\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Temp\scoped_dir4624_1311038857\fbacb1ae-110d-4697-8402-606c62601891.tmp

MD5 6457b577795f5c8949055da3a8d3ab2e
SHA1 515b61672fe5f3b2a78b7a64d7b83fadaf43e4e0
SHA256 52434403b00cd4ad818162921eb958ab318f2eaed1041cc0eb7216f97a63e950
SHA512 da6f36047a99bfb7d3e942bc1ad5f935ef9913899765a39e0b29cb117ab706948ab38ad5fa468507aecfb39612da9c3c0e18c707496af498390b00184ce61622

C:\Users\Admin\AppData\Local\Temp\775631b0-b44f-45f3-a608-2b755b9bb3ee.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\32.png

MD5 c2041f6fef10364434abcc7e198eec0f
SHA1 38d2ed3af17e64f96f21df12c5c444138489da48
SHA256 dae8a0a9c81dd21b5b593cd90968507f5eabb85f7912135143da60ea62d3ee9f
SHA512 821fe3091cc3de86c642e771f606af9fe0d34f626ead5811dd136ac427475bce69893bfc11f7db5beb1bba7f74cbc49ba3bef01dbe793f9b507f343a80f7d901

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png

MD5 2208a92644dcb1f39eb0eb2a6cd5627e
SHA1 92b1bb3f52841272dd5103058d10b8938d82f582
SHA256 1a087dddaed584b9df580672ff112d538b02a3005862ba2a38147c498a5f4c01
SHA512 f155b86f9a3806e7e204fded36c722b69f94e778b3d12684b2b5dd2ca649b02bbca24e6ec01f27e864e8004139e800cb1f7f098c9dd380363a90e686e617d90a

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\32.png

MD5 920e94dfc0a5448e1da40d06aa873d5f
SHA1 b88fd200e5f7771b897528a4e869ead72144fca0
SHA256 c10d2f537e072336c10afa11b9621b25d0d600ff04d12d1070dab942bdfae62a
SHA512 c893a6d711249d5b546553813d5ec21dd7c8db0bf144a7f2bc47c3a4ff00615708f679f499452ce68e1bae3cb9098593c519a3055e207c86d571079f05bff4e0

C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

MD5 c6278c773a052f58bc3dc54f20ad1ee9
SHA1 680124dd472d9e3c0e2e400f1d4dacc7d0effd22
SHA256 bad9f31a4cf15a0f0e8d1e93ef966a824fa4fd25f67adc1146905264ad521c23
SHA512 c9b0252dc3fce2aff665637dbc1c39f2d62d456c39e09c8467ade04659d7ff9e862ee8eddd77d8d5b0e06de4860e15e6a2eefe78cbff22abf25d0f80946c7e2d

C:\Windows\TEMP\Crashpad\settings.dat

MD5 533c2664b4a438abeef94dcae421f52a
SHA1 c182d2be00d84623085a4b75b86c3695f0ee8e6d
SHA256 c5aa449f49cceb936e32c9ac01b7be99fc0192ae5ab32c03fbecc7e4cae9fe1a
SHA512 aef266a99e877004e0764b5e402cf659e5fa3424030e469a244e58b827c7f47a40145c0bd89568a540a68df07488b5314d814b5c16983a92a7690ffd1b0e41ef

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk

MD5 f608a60d0fa7e11e0bb80958b8d7c595
SHA1 632331cd04046659e878798ec17a2cade9c8127e
SHA256 390a8e07e49330e391278c348c03212c8ad9e9b879bccdbed3dafe764b6ffbf9
SHA512 5a8cb22d987972e9fffd3b9b59ec09f2eeadbafe5a702b17e03fdd27690e088963bc90f2efc036943382c98a20ce63c5cfcf50667e83f700dd5e9f9d5569edba

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240602174709.pma

MD5 6d971ce11af4a6a93a4311841da1a178
SHA1 cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512 c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

C:\Users\Admin\AppData\Local\Temp\scoped_dir4624_1311038857\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

memory/1776-647-0x000000001C850000-0x000000001CA03000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.77.2_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.77.2_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Local State

MD5 cb0e2c041b3c34f360c982ef99ba07eb
SHA1 082040695fff5dfde6842233f397c3d26b680bca
SHA256 16e87698fb2dce09f74bfd99e77a564806d6f03158b83baa357b22114d8552a2
SHA512 b5c77b7e11d770e351557ead38493ee1a1d05ec669b0b57a41aebe2b14788fc29fd457746bd6337875b7b02abac05d59120fe410a5c1edb44caba7bafdefed0c

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Local State~RFe58a7a5.TMP

MD5 bb774061c43914a4820021d41f89a02d
SHA1 6c92e41be94a2b27a2e8c93ba935f6828934150b
SHA256 cd5abc945f4d372e185db786924ddbb25d4416190edf896b272be1c3e3d7bd9d
SHA512 d95bc201af24640c2b2270eaefebb1d357d8cca83d84cd599e9ce09599bdd7152180412942882d2231f9dc7179f4e94a131f2e0c7599fc8b03dede1f7296ca26

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Preferences

MD5 c0b2ba72bd88ed8b604b015220269d66
SHA1 c0f4dab3d3ccb0e4f685e887edacb4d5e19cc688
SHA256 3f11a9f0ad8100871b7936b1e7831993fdcf48f4376e9c9e0364d2b221d0c64e
SHA512 d6a6b003f9ababd0c01717263ec3f193f3a534803673cc376ecdb3cfbfeed25f818dd6f9430936f7aff0d0dba60b95f26926d4e54bdd16cb3f67ac30c81279cc

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Preferences~RFe58a7b5.TMP

MD5 4ff9a492a656fc50cb6f606d6008429e
SHA1 d50477392f5838c786e651bfa1a48662edef4135
SHA256 680cbf309d1663b498719c0c1c1a276af64a4fb63c85cf2454fc718049d12f36
SHA512 8d51de0bb0e7178c70024a06ac1c681403cc24cb742bb30fbef4ae85254733c9ac5e0cfa64bffa6159f39d952b91269e712d0b63359b8bcc87d3c04742f5ef78

memory/1776-839-0x000000001C850000-0x000000001CA03000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Preferences

MD5 a0e218ecd9b2df2431efdd281006a510
SHA1 25a9a6bcb664a7a271348fdaf55b38577ada3c13
SHA256 c277718328f669935e5a273d61032d444ba09f792be3fcab15574687e407d5bd
SHA512 b9cd98509a7c44822e6211dff78e82ab506d93a7aeb697763dbbce12f300599605df0dfa42ce7808e732a786d79489b25cdb618ff0eb6682abe591cc1adbba07

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\TransportSecurity

MD5 d0ce6c7a0aca81f31731048c968fd669
SHA1 f15663ea159a061d75a361796f039698823ef7d8
SHA256 efcd3ff4c3a115c4a4a8183f609948bb2e1f59c546f7581b7857eeda47236c92
SHA512 e2cdc0aa3a258e99f6876bb276755522eb72ecea41d425f484c19782b2aef7db36cc0447387a06d3ca60b07c1cf5b78c5c7e97e2f7037b94966da839665c07bb

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\TransportSecurity~RFe58d397.TMP

MD5 beefdef0724a694cc94ed159f0218907
SHA1 bce4a16ff2b0bd566d714578071164f2b058540d
SHA256 a1a094cddf486b724e8661f69b1b59fb1e5d96ecd978507643eaef6108a6381f
SHA512 8565df43e4ecbc2f00a5969ea9e23c8c6f6b7d9af91156b72a7d9d586a09dfffdd53221316a675c403ccf013779b6a2cc8336e64c1a79696aea0415277508004

memory/1776-1044-0x000000001C850000-0x000000001CA03000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\TransportSecurity

MD5 d18ece61f884f6aaf44b2ed336aa988a
SHA1 2cb72b49a7eb0bd238240c2181f886a85af79e75
SHA256 7f244aa597c9b703942de45fc320402d816fd842ccb6334e05bd133b04148110
SHA512 263b2038f32598beedf2bb0f49eeddb010e0d84944cd00d927f51a7b126e7b0b5b172ca041b845bc37efaaee73892a31de59ec6e4827800e479fe31230ab813f

memory/1776-1218-0x000000001C850000-0x000000001CA03000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Module Info Cache

MD5 4a64a985414eda6a0d6010e3a6b9546a
SHA1 d3ee7077bf9e621dfae0ca1e88b8855e7c3a7242
SHA256 263dc6523a2286b9c842c93aece24d024d70cda75d1c797f9da3f38efb51eb27
SHA512 6fc723aa75674fa66b2ee0c681628272e589adb7aca166266e987f103ab21455a3db34a32f30e847800f1046b6a204405978310d18a3ba077dfd09e0a53ee9b1

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Module Info Cache

MD5 3cf241941fba20a7a19f83bea8654499
SHA1 b3e0efb8e6f525f820c42641037aaea2077a63c8
SHA256 1e9be94c1ccdc8ad24e9ff19c71099422ff8b8c44c087f23182a104410405442
SHA512 5ec4717c0322a6a940cee9a6ff9d7633f137d86ca46bcbd26f01ca804dd10f18c87e6a45b36a9c3ea4c09fe655d611b7319dcb04c2d9cdfe0089f492d050ba93

memory/1776-1238-0x000000001C850000-0x000000001CA03000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\TransportSecurity

MD5 07b8ab35fd0d005a239d3c6439d72381
SHA1 d67c20a7141f458106c08e72dcf1784801bdd19e
SHA256 1690ae68b3716bb0ba68b80e1fd2b6747c977bd1b06a65509f97f123762c48c3
SHA512 223a7b6c6f0e046624745855c43cf7feb12883629c92f22677d16a40d1cb07ad56eb91638cd48fae640cf3eeac131a97aa0e9049ba90cbbb0124a19d2351813b

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Code Cache\js\index-dir\the-real-index

MD5 28c22957fcdb40a551d17d3edc4317e9
SHA1 ce91985e069f940161f925a123a5aeec89cfad1f
SHA256 f7bb4fd5ef7b3796c08bf57819a644de5cfc3bd28424d8fe2ac093739033c0ea
SHA512 2679f7e7836e641dd0716416a6c0bdd10d0dcb2a7c95a13da17ae13eb952c8cb35f76e4550098846b6e0dbad4dc159f4692f2a43b8535bf32f7e7b49f045ab6f

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Code Cache\js\index-dir\the-real-index

MD5 03591d118090c1bf5d9243aeaedcec53
SHA1 64851082af9509841d236f38be099beaf6394fda
SHA256 740a1ce7caf82c69324096af51ef06653cb5e4a4e7224eb406aec0ebefff679d
SHA512 9b6e42b0392019f33c0ce87f6057c3f7ddae25401e817841ea7e4fdaf830ea0226f14e6a573591b1b57d3d8d7b103600093c27153bfbf7540064214463865ba1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ce1e0fdc101eb0272cdb28a1b8af2a10
SHA1 985dbf3a9f0f50b371824de45d0e239ba7c1dc03
SHA256 bbff790902d59dc293990a392da33e865b7a7073da4669b44e2c310f2b373412
SHA512 276fb67873362d6ed3526e6167986663769a4c078def991c85eb1bd68035ba2118c14c03b54295e0ad49d0ddfc3fac5e16bf5674e71080a4ab8b535fc4bed3a7

memory/1776-1272-0x000000001C850000-0x000000001CA03000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\TransportSecurity

MD5 f67d03bd84a809096f3f46ae8048a435
SHA1 4a118bf393447e22841742236a848e11791bad77
SHA256 3e2701145c2a40cf9cdf3b4906366c0c2780aec5b4f18fd1e7cd1ef8e9515df8
SHA512 b59c9abcdc2536ab8a8c54cfd11f1ae79d7ae692c4945b4b1739739fa4cb3d4bf731f07e20a19ab3f0b40f292be0fc30e2efdd784896cca30fa79e64f5ed32fe

memory/1776-1285-0x000000001C850000-0x000000001CA03000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Preferences

MD5 2d5dbb8acb5e45c8b6561e3704a08669
SHA1 347d4111009fd741f8ef5f34562d1a0fb9cfac86
SHA256 80c0fd34e51925235b772f9b38afe6da45cab769a333a1b3d1e9fae40a126523
SHA512 53306f3b06e74b21eb79cda0b386a4c42fdec639139977caaafac3820b7566fb69e1e9580d36fb3deb84eb8b468dcaaee6da13080b7c45f96cc6e65a8fe08e03

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\TransportSecurity

MD5 cdcd6f7f7e9f41ba6176094dda95d1e7
SHA1 ddfa0a0b2bb1cf710ff5ba6b66ce869d15cf2aaf
SHA256 ba0828df8c921160137638603002dbf807bc53ba540c93a143bee6aab63118cf
SHA512 2c4a8748644791bd0d5169b5ede1c14238d7acaebd16625a9259a73afa2797cc569e41231c533abc5845c57cbeb59036ef37d2ea232a24e1ea8004b39025c55e

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\Network Persistent State

MD5 a451b378bf4c40574ca25848429ae070
SHA1 eb266c05feebdf9f3be170728db1bb289973dff0
SHA256 cff810a82d041bf4e4f1c0af9376f232bf1227d142433736f9aed356ce2de285
SHA512 5bf23d320e62d79af67dce87ee2ad76f820b43c786aef8a0fc9c75ea46e9a83e3e0676904d8fc24563fcf515681ff1da6ca22575112445a017e7ab0354c7539a

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\Network Persistent State~RFe599486.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

memory/1776-1313-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1314-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1315-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1321-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1322-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1323-0x000000001C850000-0x000000001CA03000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\TransportSecurity

MD5 03ad55282271bfa31b6666f7b64665b6
SHA1 58583f9b2822f0c71f82808bda8810e1cd517234
SHA256 df9caff5d2f24c4f77ec3e450bc882594e6a2fa05c850fbf2ce1440db8f09895
SHA512 0c9e8e3b47289d57a5ed1a9c21c1e928dd5c97db565d679bc639d0580bcb138671ffee97830c3ca8846e594e1490c2f68f64087fd2311b6c9ae5f19bd2dc8f3a

memory/1776-1333-0x000000001C850000-0x000000001CA03000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\Network Persistent State

MD5 11ac240273d3b9e7ac0589103eb145a2
SHA1 38cff2b2355f18a4b7a6905cb0b29752100ae68f
SHA256 b8ed9b58493dd06d7fd115222b7b8f44d00794dcb78c99f1add35eacf19d9d77
SHA512 2a207e2c3244c749c12ab354e1305d67445ee83e430b5f1f551a176959c57caaca2f0a1928b23a32e91d841388ee67f193354c536e31f1a97fb6f0c2c9bf3600

memory/1776-1343-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1344-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1345-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1346-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1347-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1348-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1349-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1350-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1351-0x000000001C850000-0x000000001CA03000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\VenHide\Default\Network\Network Persistent State

MD5 3cc685567977a61d0c9ebfc1c21599a8
SHA1 ec42ae079bbb7d6b2aa15b9acd80b504971db201
SHA256 bb34a05b77a2d88b66e0ca6503c5948de261674fc19a73218ee592ddf541e967
SHA512 d6ac23658638bbebf4486d28a5d6fc0dce9d9d94b6b1fe5debe66cb2ca6e4dedf7e0e55bce5dbfcf3386f102e0262ddbbb4558f11036ccaa8719036479d5b84a

memory/1776-1361-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1362-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1363-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1364-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1365-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1366-0x000000001C850000-0x000000001CA03000-memory.dmp

memory/1776-1367-0x000000001C850000-0x000000001CA03000-memory.dmp