Malware Analysis Report

2024-09-11 05:55

Sample ID: 240602-zpdzfsfg25
Target: https://github.com/MalwareStudio
Tags: bootkit discovery evasion exploit persistence
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file https://github.com/MalwareStudio was found to be: Known bad.

Malicious Activity Summary

bootkit discovery evasion exploit persistence

Modifies WinLogon for persistence

Possible privilege escalation attempt

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Downloads MZ/PE file

Executes dropped EXE

Modifies file permissions

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Enumerates physical storage devices

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported: 2024-06-02 20:53

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-02 20:53
Reported: 2024-06-02 21:26
Platform: win10-20240404-en
Max time kernel: 788s
Max time network: 617s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/MalwareStudio

Signatures

Modifies WinLogon for persistence

Tags: persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "satan" | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A

Disables RegEdit via registry modification

Tags: evasion
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A

Disables Task Manager via registry modification

Tags: evasion

Downloads MZ/PE file

Possible privilege escalation attempt

Tags: exploit
Description | Indicator | Process | Target | Count
N/A | N/A | C:\Windows\system32\icacls.exe | N/A | 3
N/A | N/A | C:\Windows\system32\takeown.exe | N/A | 3

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\WindowsXPHorrorEdition.exe | N/A

Modifies file permissions

Tags: discovery
Description | Indicator | Process | Target | Count
N/A | N/A | C:\Windows\system32\icacls.exe | N/A | 3
N/A | N/A | C:\Windows\system32\takeown.exe | N/A | 3

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target | Count
N/A | raw.githubusercontent.com | N/A | N/A | 2
N/A | camo.githubusercontent.com | N/A | N/A | 1

Writes to the Master Boot Record (MBR)

Tags: bootkit persistence
Description | Indicator | Process | Target
File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files\Temp\wind_short.wav | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A
File opened for modification | C:\Program Files\Temp\crossHD_small.ico | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A
File opened for modification | C:\Program Files\Temp\invert_snd.wav | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A
File opened for modification | C:\Program Files\Temp\stretch.wav | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A
File opened for modification | C:\Program Files\Temp\rainbow_snd.wav | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A
File opened for modification | C:\Program Files\Temp\wind_snd.wav | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A
File opened for modification | C:\Program Files\Temp\clutterus_ico.ico | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A
File opened for modification | C:\Program Files\Temp\crossHD_medium.ico | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A
File opened for modification | C:\Program Files\Temp\mirror_snd.wav | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A
File opened for modification | C:\Program Files\Temp\wind_edit.wav | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A
File opened for modification | C:\Program Files\Temp\plg.wav | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A
File opened for modification | C:\Program Files\Temp\static_color.wav | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A
File opened for modification | C:\Program Files\Temp\tunnel.wav | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618353656000968" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 4
N/A | N/A | C:\Users\Admin\Desktop\Clutt6.6.6.exe | N/A | 60

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target | Count
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 32
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 32

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 63
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A | 1

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 24

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Desktop\WindowsXPHorrorEdition.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Count
PID 2216 wrote to memory of 2116 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 2216 wrote to memory of 2340 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 38
PID 2216 wrote to memory of 4960 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 2216 wrote to memory of 1328 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 22

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/MalwareStudio

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffe67c9758,0x7fffe67c9768,0x7fffe67c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2040 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap22960:120:7zEvent21467

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2480 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=768 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5452 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5432 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5452 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1636 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5636 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5820 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5528 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5952 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5980 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5644 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6528 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6572 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6536 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5496 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2020 --field-trial-handle=1772,i,706833488312775525,16560096705102408152,131072 /prefetch:8

C:\Users\Admin\Desktop\Clutt6.6.6.exe

"C:\Users\Admin\Desktop\Clutt6.6.6.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "%username%:F" && takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant "%username%:F" && takeown /f C:\Windows\System32\Boot && icacls C:\Windows\System32\Boot /grant "%username%:F" && exit

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32 /grant "Admin:F"

C:\Users\Admin\Desktop\WindowsXPHorrorEdition.exe

"C:\Users\Admin\Desktop\WindowsXPHorrorEdition.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3ec

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\drivers

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\drivers /grant "Admin:F"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Boot

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Boot /grant "Admin:F"

Network


Files


MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

MD5 56e6be029d77f578e709c24b614846c9
SHA1 489c375c9f3497c386174d83cad05129e537ba2f
SHA256 25f1d7fee2bd9cf97933b907f627a6ff47534b2ad58fb99676f17b472fb1cbba
SHA512 efe69b930590d01364af98e68539d8bda4538ca7becb19b8b38f6ad6838c3f42778bd5625afb6f76c12aa360b6d3a13d42419bc0a198cd4c043852130a90e8bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

MD5 e01a4cd8fdcc7c74dae0b1342fd6a77e
SHA1 bb9b55cb8791e907bdb0500362b1a8251dfbac06
SHA256 538e014ff67894b859e7e60a034a23c4f27e8096de94c2fbbcd8ca1c9020165b
SHA512 c8446fae65ac4f7ca0d126cd0e9e4b48c903fe4ea6c7852863b99a2d5dc2e1004af0a0e229906f8cf227eb1202e6dd062b659b0fa02f5b4dbfe0817765efb81c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

MD5 158a0cc3b8390b268676b3fc3644dbe3
SHA1 bf06cf6e7d96d7808b0c245be28d79c6b963a5e0
SHA256 544c11dc585731e0fb13a885e55fe671f69b9d1adb7d7f9ab3b63d5cd1886b48
SHA512 d41616ba3fd2bafd80926c890621b0bb2b0e50e7625badc6e25d86b26eefa7526451b9f0d3777c54c4cf383cb87e5e2361294b79edf19e9f514d72c4cc0d100b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 80af542c467cb0c4030f6d90f4ba3d41
SHA1 a43630a634ef9bb120fa66cd7d0424852b36c0ab
SHA256 6f30f5dbc9bddd501cbb80581e93f0c203b76544d1bfba4da56aba89265f1d7c
SHA512 ff460e023d1cbb17563e00d5f5bf2b30795fd3b6d6623c2be8fdbaa0de21ec6c636c78933e7b101445b6c1be4ae3ac5152cc7637d737e714999fc138d13de884

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5f30e460828df8d274c71515a0478c3c
SHA1 4830459df000282cdf8b1e676ab02cfc1e192307
SHA256 17507c224f83c22caa3bdb089766f1f14c17b510d1b23150c3e456e23132db49
SHA512 4f5feb162603dd0fc4f3e7d6eb854d8216586d2ba5c112e79d357806b64082840124c3a9e67354e9f00c9b98d74d32cf6f448ce76f4243275d948aa609788416

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 29cba82e603941545cbd6f6cb9e99511
SHA1 1a86224827824d05a239e879138446eb87b37d95
SHA256 86229c32e0d52a929b1f5736f4f9bee81371d16222d2105ca4d3a4ef51cfd9b1
SHA512 c6a9a9ec88ef3f4474c31ca879af917ccdf271c7b7db323df76559fec7983f5403f7c6c019df4afe60bb54167a2b6f6ab7f7b42b584120816fdb50b851ca8491

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 88e80414e607ac8d618434bcae261278
SHA1 d594988d496599979331545ee95fa4e4daa49736
SHA256 c570191e0ac4d2e8efa221554d2abb6656a8a2f839874debea14b33b6b20db10
SHA512 60f0c50ad680f848634d404b0601d9c5088aec3b5142690345a4fa61d0880fc26eca8d66abfd390c08b9e59676e9785ab6138dbe0ca8038eddbb45994f03d099

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 12eb7d2a260a583a87c4c0d79ed8c4a4
SHA1 c335c611cd7c4fdf679c44e1f554812d0e793a3a
SHA256 76061df4e366995b9eb572672dbc63c729973df0e7efe821309b80477ad0006f
SHA512 9c093f76ba5f71665ca93a18c97ae322c98378f17c2b7a424dab422798444d4f0c99a91e57a9f5d1ff25eb09f11c24ac360528b0a542c4f69d72ffe63a63ed90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 387ffb4940d5cea54966cda07a2b82a5
SHA1 7d1a337be8558a8eb66ac5a9cce8c9d88ef6569d
SHA256 772b7c4a3c0100538ebc796f22138a55853ea0bfb4c97edec54fe777c6990060
SHA512 b5d0fba043bdb3b3ad63d1c6f9d18c00bbf91351df5dc62595bd87602d120032d8ecee65b2e91b6b6c1624bfa0a46d8c5e8ee5c8eedc3f445748b433457fb360

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

MD5 0f2b395cc63db1bd8a5d093e558cbdd1
SHA1 833d0657cb836d456c251473ed16dfb7d25e6ebe
SHA256 f3797115dd01a366cce0fbd7e6148b79559767164d2aa584b042d10f1ffd926d
SHA512 e8a4ada76efb453c77a38d25d2bbd3a7f03df27b85e26ba231791d65d286fe654c024b64f9d6869824db5d1cf59e4d4eb662f5a55c326e5e249144ae1a66b798

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 357b4145c3264fe69f8c412e823adeed
SHA1 5fcaf1043bb72dbc719ce56a173b3da59db7ebc9
SHA256 4bf695f9d9be4d4e815594d2b7443042ec14e4dcbaa6d35031cc0420b8009410
SHA512 974c8b0220e6490324f5eda5590d4a895d7d67b87414ca1124dd01ac92e3bec033623bec67b4441fd6b69bb9034d4ee8210ee0f92fdf0a8efb6546e62ef8f7fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 8e7b638bfec7451db22d5f6d54662360
SHA1 22c4f81a1216d4b1b48b5f66bbe6aeb7c7bee595
SHA256 9ca11ec635e88ea63b7ba633594f5323cfb61ee4499c42b90f3d9968accffc6e
SHA512 024db23141f04f898cb434c7624d23265c3c1dd702f15e40b793060f38cd4be3416bafdee02a72027e41dd2c5fba47ae8765a0e62c17665e8287eb782eed1373

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8b747e16982c5557b06c3268947a99d7
SHA1 28d7a7b85cd0084fc278dc3b3584596d4688626c
SHA256 d7989f56c72b4f3c7d818bd06aaee91f233db38904af2c827203cc3d75dd2747
SHA512 374d3818fff53a0043ed5a82373eb8b394f732cf6f8352994fe84850b162f4d80042a8dcb8b6c9729712397ceb0ca1ad7b3e3e442339447c2638d84bbfcd0e3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a922d1110f9a457c765c2e339b84173e
SHA1 6faabba66f5206db4214915858b055559fae18aa
SHA256 45f28740eb06c6bddca07eac73a03431dea023913d040ec7e0daf5a1d307d5e5
SHA512 a9653430a5e87e81c6e9dd9d899e9b4e10c7f0d79cdb8ee74540c9d2c3c5fe34a7c0fea9523ad523bb296627ae1471befed362058816981d995bd38fc0285413

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c36b708b51992669ef56fbe3ae76a46b
SHA1 4aa4e0a4edbbd9ff49b61e81f5340f69e75d1158
SHA256 5a4556a2e70a6fa6ef58ae398650a58d4df1318f0adad17df07ffbf2625ff618
SHA512 ba1ff821e4e1ac10f9a8eece4c7fa1c958d45f2ce182201b811fbc26730adb1935ebe3aad7e251855492d4ed5614526824bab576754578c01e6a341775aa343f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c84b095e55ec307492adbc7d3c0eb7d8
SHA1 6767460094ba78ee5c2e8340e6b4fa2e7b003341
SHA256 078bc293e9b03968d376748cc4571bb31e48fc38da0b33e0f78a69464bb47475
SHA512 85c53e5769adfa6410a04ae44a7c57b9121b3c848ac0b2e1a9663d2488ce2478c686f9765fa921d98af4035ee8983bea60d58309734c16bca7750df162d66e19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2ef38ced9a7e5cbdf5779f79bab5a084
SHA1 1e4fb93242a6c081a974abe3bc961444f34bc9b5
SHA256 d77f6bcfbf7b6c87173907c700dd874d71a6e9484f82e19319d5c2f6048c9779
SHA512 1ee98ef7c86a9c46aa75a4e2118ca2a8f88e61933e1b3944667b47ba4343bd47c2d682ad6e895e67c1483546f231c4a44f95f3a910a9c3caf8a219ca23e27252

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 86b087cbf074d5af31f2ce49e6cce3ec
SHA1 93f33a6970592cd841fe2466ed9c4698d78448dd
SHA256 8bf2071aec5024f31e30f6e26cb2fb9c86cbe5b3fb23f507ee309c5873713767
SHA512 6431abb7bab5bac262bda588c56b21b56b54f66fb7a3498aa8feb5e67788a8362ea9e191461d6149f29b995f1b5e21953214af85a5b8b2204c8358d57dc1164d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 118bbe8fbd430b445ac412585689f41c
SHA1 40cbc8488c8adb9dac3b81382d56f6885278e3c3
SHA256 4fd629859ac327847bf405c215ed04a0b65dbb6c416f6057705590c038b7ea6f
SHA512 57d417569c1842b8ef7cfc365826d2887ec2244746124ed27010c168ab2ed0cc59aa24ab9b4eee936d7a5b41054bdd025bd6cb2de4a9a3e8704b6aabec83bd2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aa74a3710a6be292b251330396d22b9f
SHA1 a499ef6f8bf37a5dc4b8627b4d022dab6a66014f
SHA256 9ce1131c3a2e865cf16dfefce4dde864bfd5d11c9018436fbf82fe08a13d7fbc
SHA512 262bb22b0e5aa6d434feb0c70878450c41737a032338ef7b6acb42f2134eed10830eaea5f68841cf3790e877f2d16ce7776bdf8f7317a5ff0fb71594a4bc4e18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f3e9f86d9d2f7e87ba9562f18c9b0904
SHA1 17a81760917a3b52bf69d3735e55f5f6c4c650c3
SHA256 9df701f001367e503e5ab52e2c124f03c4f01b0de5d2d88cec58bc1f9f9bd9e6
SHA512 490ec23183ab369a9b5df93ec21f097bcd1fd2497322a2f2892e6f7c4196a8ea545412310a6f276604bc5255d119f1d8e0dd393ae9975b1359dff7af4f2a8f5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c8d4f1213c8109436298f451910142e0
SHA1 5a1661ba8c4213b3fd9cef48de9ee56336841684
SHA256 a31c99596b64a018bbe68d360a6ae98b0f52dca8c751366f03c31b9ca9833597
SHA512 10c5b05f2e76fec561bc9372ad41816e485cc82c0466ea548a59e10c9e6b28ea6ac42832d66a21367e371fc599a5e4b72e667eac28d3cacda04b0a09bb5db843

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3324d82b2a4684130da780cd9ea8baad
SHA1 2075010e6cb1e3e104d09ead96be191732b62ac7
SHA256 b61a047c19b0be15d2bee6e4a064acd6d62379280b1dec4c3624271f05e86017
SHA512 a00d9f7a6aa653b936eb692b8eef52925d817d415695bd3524efa1f783b75f1085aa7964f297673964143b1f22da6d6fe986d4b5988f7d9d2b06557aec4f9309

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f09f62016f637c932d501a6cf3398a56
SHA1 7aec505b36d267290ef398c4e9966e58ce90cc71
SHA256 3658061e55f17e2b4e9493a59bb58477846db9de482c6e4ec7440dfd1bd75fae
SHA512 2394368aa9a0f0a6c612480cf3354198f66ed125e2c9f25590dbf31d6e91ef313d6178450ba04880cd7731c47e9dbeb1694c8004088489853b9095f582e444e0

C:\Users\Admin\Desktop\Clutt6.6.6.exe

MD5 ebe2598356ddaa94e3c507a3bf3fbaaf
SHA1 12fbb71303fbad2d1d6b644d67f3d895ed417ea2
SHA256 bce721a6081d418d0e00bce7dfb5a6b957767b0138690f7e5d642181556b8296
SHA512 e541c1e25c081530b7102445d57c70ceaabb3a719ac895b1322305d3b2e0c6d8cd42dbb231285473a48c8221d94cfd3f9aab431a2aaaf551b55b060d83f87552

memory/2964-1454-0x00000000005E0000-0x0000000000A70000-memory.dmp

memory/4220-1472-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1476-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1481-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1482-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1483-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1484-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1485-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1486-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1487-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1488-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1492-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1497-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1502-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1504-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1509-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1514-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1515-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1517-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1518-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1520-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1522-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1525-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1527-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1531-0x0000000000400000-0x00000000037B4000-memory.dmp

memory/4220-1532-0x0000000000400000-0x00000000037B4000-memory.dmp