Malware Analysis Report

2025-04-14 01:05

Sample ID 240603-j86wksha2s
Target MCFA-Generator..exe
SHA256 ab486b1e20745bc8513cd2c92c3c50a628195bd4e1feb7e517be446a0d4237ec
Tags upx
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10

SHA256 ab486b1e20745bc8513cd2c92c3c50a628195bd4e1feb7e517be446a0d4237ec

Threat Level: Shows suspicious behavior

The file MCFA-Generator..exe shows suspicious behavior.

Note on attribution: several of the signatures listed below fired on processes other than the sample. "Drops file in Windows directory" is raised by C:\Windows\System32\oobe\UserOOBEBroker.exe opening its own log files under C:\Windows\Panther\UnattendGC, and "Enumerates system info in registry", "Modifies data under HKEY_USERS", "Suspicious use of FindShellTrayWindow" and "Suspicious use of SendNotifyMessage" are all raised by chrome.exe (see the per-signature tables under behavioral1). The report records no parent for chrome.exe, so whether the sample launched it cannot be determined from this page. The behaviour attributable to MCFA-Generator..exe itself is: UPX packing, 64 loads of dropped DLLs, starting a second copy of itself, enabling SeDebugPrivilege, and querying the system UUID and the video-controller name through cmd.exe and WMIC.exe.

Malicious Activity Summary

upx

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Detects videocard installed

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 08:21

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 08:21

Reported

2024-06-03 08:54

Platform

win11-20240426-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MCFA-Generator..exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCFA-Generator..exe N/A

(64 identical events, all from the sample process. This page does not record which DLLs were loaded or where they were dropped.)

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

(64 matches with N/A in every column; the UPX match is static and carries no per-process detail.)
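The UPX verdict above is a static match with no detail on this page. As an added example (not from the report or the sandbox vendor), here is a standard-library-only check a practitioner can run on the sample: it parses the PE section table, looks for UPX section names and the "UPX!" header magic, and measures section entropy, because a build repacked with renamed sections still shows a high-entropy compressed section next to an empty one with a large virtual size. The PE images it runs on here are constructed in memory and are not the sample's bytes; run `upx_indicators(open(path, "rb").read())` against the real file.

```python
import math
import random
import struct
from typing import List, NamedTuple


class Section(NamedTuple):
    name: str
    virtual_size: int
    raw_size: int
    entropy: float


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, close to 8.0 for compressed data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(image: bytes) -> List[Section]:
    """Walk MZ header -> PE signature -> IMAGE_FILE_HEADER -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)      # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        # IMAGE_SECTION_HEADER: Name(8) VirtualSize VirtualAddress SizeOfRawData PointerToRawData ...
        name_raw, vsize, _va, rsize, roff = struct.unpack_from("<8sIIII", image, table + 40 * i)
        name = name_raw.rstrip(b"\0").decode("latin-1")
        sections.append(Section(name, vsize, rsize, shannon_entropy(image[roff:roff + rsize])))
    return sections


def upx_indicators(image: bytes) -> dict:
    """Independent signs of UPX; section names alone are weak because they are trivially renamed."""
    sections = parse_sections(image)
    return {
        "upx_section_names": [s.name for s in sections if s.name.upper().startswith("UPX")],
        "upx_marker": b"UPX!" in image,   # packer header magic present in stock builds
        # a section with no file-backed bytes but a large virtual size is where the
        # stub unpacks the original image (UPX0 in a stock build)
        "empty_high_vsize_sections": [s.name for s in sections if s.raw_size == 0 and s.virtual_size > 0],
        "high_entropy_sections": [s.name for s in sections if s.raw_size and s.entropy > 7.0],
    }


def is_probably_upx(image: bytes) -> bool:
    ind = upx_indicators(image)
    return bool(ind["upx_section_names"]) or ind["upx_marker"]


def build_synthetic_pe(section_specs) -> bytes:
    """Constructed, minimal PE layout (headers, section table, raw data); not a runnable binary.
    section_specs: list of (name, virtual_size, raw_bytes)."""
    e_lfanew, opt_size, file_align = 0x40, 0xF0, 0x200
    header_len = e_lfanew + 4 + 20 + opt_size + 40 * len(section_specs)
    raw_start = -(-header_len // file_align) * file_align          # round up to file alignment
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)        # e_lfanew lives at 0x3C
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_specs), 0, 0, 0, opt_size, 0x22)
    table, body, off = b"", b"", raw_start
    for name, vsize, raw in section_specs:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, 0x1000,
                             len(raw), off if raw else 0, 0, 0, 0, 0, 0xE0000040)
        body += raw
        off += len(raw)
    return (dos + b"PE\0\0" + coff + b"\0" * opt_size + table).ljust(raw_start, b"\0") + body


def demo() -> dict:
    rng = random.Random(2024)   # deterministic stand-in for a compressed payload
    packed = build_synthetic_pe([
        ("UPX0", 0x20000, b""),
        ("UPX1", 0x1000, b"UPX!" + bytes(rng.getrandbits(8) for _ in range(4092))),
        (".rsrc", 0x200, b"\0" * 512),
    ])
    plain = build_synthetic_pe([
        (".text", 0x1000, b"mov eax, ebx\n" * 80),   # constructed low-entropy code stand-in
        (".data", 0x200, b"A" * 512),
    ])
    return {"packed": upx_indicators(packed), "packed_is_upx": is_probably_upx(packed),
            "plain": upx_indicators(plain), "plain_is_upx": is_probably_upx(plain)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The entropy threshold of 7.0 bits per byte is a heuristic: compressed or encrypted data sits near 8.0, ordinary x86 code and resources well below it. Treat a hit as "unpack before static analysis" rather than as a verdict; UPX itself is used by plenty of legitimate software.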

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

(Each of the three events was recorded twice. All are from chrome.exe, not from the sample.)

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618783161610005" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

(The "Key created" event was recorded twice. S-1-5-19 is the LOCAL SERVICE account; both writes are attributed to chrome.exe, not to the sample.)

Suspicious use of AdjustPrivilegeToken

Description Count Process Target
Token: SeDebugPrivilege 1 C:\Users\Admin\AppData\Local\Temp\MCFA-Generator..exe N/A
Token: SeIncreaseQuotaPrivilege 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 2 C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege 11 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege 10 C:\Program Files\Google\Chrome\Application\chrome.exe N/A

(Repeated rows collapsed into a Count column; the Indicator column was N/A throughout. The WMIC.exe block appears once per WMIC.exe instance, of which two were launched, and is WMIC.exe adjusting its own token; the chrome.exe rows are likewise the browser's own. Tokens 33 to 36 are privilege LUIDs the report left unresolved; on current Windows they are SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege and SeDelegateSessionUserImpersonatePrivilege. The only privilege adjustment made by the sample itself is enabling SeDebugPrivilege, which lets a process open other processes, including ones it did not create, with full access.)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

(53 identical events, all from chrome.exe, not from the sample; no description or indicator recorded.)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

(24 identical events, all from chrome.exe, not from the sample; no description or indicator recorded.)

Suspicious use of WriteProcessMemory

Description Count Process Target
PID 2820 wrote to memory of 2996 2 C:\Users\Admin\AppData\Local\Temp\MCFA-Generator..exe C:\Users\Admin\AppData\Local\Temp\MCFA-Generator..exe
PID 2996 wrote to memory of 4004 2 C:\Users\Admin\AppData\Local\Temp\MCFA-Generator..exe C:\Windows\system32\cmd.exe
PID 2996 wrote to memory of 2836 2 C:\Users\Admin\AppData\Local\Temp\MCFA-Generator..exe C:\Windows\system32\cmd.exe
PID 2836 wrote to memory of 2588 2 C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2996 wrote to memory of 5020 2 C:\Users\Admin\AppData\Local\Temp\MCFA-Generator..exe C:\Windows\system32\cmd.exe
PID 5020 wrote to memory of 4800 2 C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1952 wrote to memory of 4256 2 C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 980 31 C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 4816 2 C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2020 17 C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

(Repeated rows collapsed into a Count column; the Indicator column was N/A throughout. Every recorded write is consistent with a parent writing into a child it has just started, which is what CreateProcess does when it sets up the new process: the sample into its second instance and into cmd.exe, cmd.exe into WMIC.exe, and the chrome.exe browser process into its own child processes. No write into an unrelated process is recorded.)
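Reading a WriteProcessMemory table by hand is error-prone once it runs to dozens of rows, so here is a small triage helper, added as an example and not part of the report. It folds the "PID X wrote to memory of Y" rows into (writer, target) pairs and checks each pair against a process-creation list: a write into a process the writer created is expected CreateProcess behaviour, while a write into any other process is the event to escalate. The parent/child map is constructed to match this report, which lists the processes but not their PIDs; the explorer.exe row is constructed to show what a positive looks like and was not observed in this detonation.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\MCFA-Generator..exe"
CMD = r"C:\Windows\system32\cmd.exe"
WMIC = r"C:\Windows\System32\Wbem\WMIC.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EXPLORER = r"C:\Windows\explorer.exe"   # constructed; does not appear in the report

# Rows in the report's own layout (Description Indicator Process Target), with a few
# of the repeats kept so the counting is exercised.
REPORT_ROWS = [
    "PID 2820 wrote to memory of 2996 N/A " + SAMPLE + " " + SAMPLE,
    "PID 2820 wrote to memory of 2996 N/A " + SAMPLE + " " + SAMPLE,
    "PID 2996 wrote to memory of 4004 N/A " + SAMPLE + " " + CMD,
    "PID 2996 wrote to memory of 2836 N/A " + SAMPLE + " " + CMD,
    "PID 2836 wrote to memory of 2588 N/A " + CMD + " " + WMIC,
    "PID 2996 wrote to memory of 5020 N/A " + SAMPLE + " " + CMD,
    "PID 5020 wrote to memory of 4800 N/A " + CMD + " " + WMIC,
    "PID 1952 wrote to memory of 4256 N/A " + CHROME + " " + CHROME,
    "PID 1952 wrote to memory of 980 N/A " + CHROME + " " + CHROME,
    "PID 1952 wrote to memory of 980 N/A " + CHROME + " " + CHROME,
]
# Constructed positive: the sample writing into a process it did not create.
CONSTRUCTED_INJECTION_ROW = "PID 2996 wrote to memory of 1234 N/A " + SAMPLE + " " + EXPLORER

# pid -> (parent pid, image). Constructed from the report's process list, which shows the
# images but not the PIDs; the numbers follow the WriteProcessMemory rows above.
PROCESSES: Dict[int, Tuple[int, str]] = {
    2820: (0, SAMPLE), 2996: (2820, SAMPLE),
    4004: (2996, CMD), 2836: (2996, CMD), 2588: (2836, WMIC),
    5020: (2996, CMD), 4800: (5020, WMIC),
    1952: (0, CHROME), 4256: (1952, CHROME), 980: (1952, CHROME),
    1234: (0, EXPLORER),   # constructed: not a child of the sample
}

# Paths contain spaces ("Program Files"), so pull the PIDs out with a regex rather than split().
ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+)\b")


class Write(NamedTuple):
    writer: int
    target: int
    count: int
    relation: str        # 'parent->child', 'cross-process' or 'unknown-target'
    writer_image: str
    target_image: str


def classify_writes(rows: List[str], processes: Dict[int, Tuple[int, str]]) -> List[Write]:
    """Collapse repeated rows and label each (writer, target) pair by its process relation."""
    counts: Counter = Counter()
    for row in rows:
        m = ROW_RE.match(row)
        if m:
            counts[(int(m.group(1)), int(m.group(2)))] += 1
    out = []
    for (writer, target), n in sorted(counts.items()):
        if target not in processes:
            relation = "unknown-target"
        elif processes[target][0] == writer:
            relation = "parent->child"      # the writer created the target: CreateProcess setup
        else:
            relation = "cross-process"      # the writer did not create the target: investigate
        out.append(Write(writer, target, n, relation,
                         processes.get(writer, (0, "?"))[1], processes.get(target, (0, "?"))[1]))
    return out


def suspicious_writes(rows: List[str], processes: Dict[int, Tuple[int, str]]) -> List[Write]:
    return [w for w in classify_writes(rows, processes) if w.relation != "parent->child"]


def spawn_chain(pid: int, processes: Dict[int, Tuple[int, str]]) -> List[str]:
    """Image names from a process up to its root, e.g. WMIC.exe <- cmd.exe <- sample <- sample."""
    chain = []
    while pid in processes:
        chain.append(processes[pid][1].rsplit("\\", 1)[-1])
        pid = processes[pid][0]
    return chain


if __name__ == "__main__":
    for w in classify_writes(REPORT_ROWS + [CONSTRUCTED_INJECTION_ROW], PROCESSES):
        print(w.relation, w.writer, "->", w.target, "x", w.count)
```

With only the report's rows the helper returns no suspicious writes; the constructed explorer.exe row is the one it flags. The parent/child map is the part that has to come from a trustworthy source (Sysmon Event ID 1 or the sandbox's own process tree), since a writer that is also the spoofed parent of its target would otherwise look benign.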

Processes

C:\Users\Admin\AppData\Local\Temp\MCFA-Generator..exe

"C:\Users\Admin\AppData\Local\Temp\MCFA-Generator..exe"

C:\Users\Admin\AppData\Local\Temp\MCFA-Generator..exe

"C:\Users\Admin\AppData\Local\Temp\MCFA-Generator..exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe0177ab58,0x7ffe0177ab68,0x7ffe0177ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1764,i,3891208368867320257,11397219715803228219,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1764,i,3891208368867320257,11397219715803228219,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1764,i,3891208368867320257,11397219715803228219,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1764,i,3891208368867320257,11397219715803228219,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1764,i,3891208368867320257,11397219715803228219,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3872 --field-trial-handle=1764,i,3891208368867320257,11397219715803228219,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4424 --field-trial-handle=1764,i,3891208368867320257,11397219715803228219,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1764,i,3891208368867320257,11397219715803228219,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4132 --field-trial-handle=1764,i,3891208368867320257,11397219715803228219,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1764,i,3891208368867320257,11397219715803228219,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1764,i,3891208368867320257,11397219715803228219,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4304 --field-trial-handle=1764,i,3891208368867320257,11397219715803228219,131072 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe0177ab58,0x7ffe0177ab68,0x7ffe0177ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1948,i,11195709334695266424,16599209888906590870,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1948,i,11195709334695266424,16599209888906590870,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1948,i,11195709334695266424,16599209888906590870,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1948,i,11195709334695266424,16599209888906590870,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1948,i,11195709334695266424,16599209888906590870,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4260 --field-trial-handle=1948,i,11195709334695266424,16599209888906590870,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4252 --field-trial-handle=1948,i,11195709334695266424,16599209888906590870,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1948,i,11195709334695266424,16599209888906590870,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4288 --field-trial-handle=1948,i,11195709334695266424,16599209888906590870,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1948,i,11195709334695266424,16599209888906590870,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4952 --field-trial-handle=1948,i,11195709334695266424,16599209888906590870,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 gstatic.com udp
GB 172.217.16.227:443 gstatic.com tcp
GB 88.221.135.34:443 tcp
AU 13.70.79.200:443 browser.pipe.aria.microsoft.com tcp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 200.79.70.13.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
GB 142.250.200.14:443 apis.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 142.250.187.238:443 ogs.google.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
GB 142.250.187.206:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 clients2.google.com tcp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
NL 23.62.61.171:443 www.bing.com tcp
IE 52.111.236.22:443 tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 172.217.169.46:443 play.google.com udp
GB 142.250.187.206:443 clients2.google.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
GB 172.217.169.46:443 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI28202\python310.dll

C:\Users\Admin\AppData\Local\Temp\_MEI28202\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI28202\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI28202\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\python3.DLL

C:\Users\Admin\AppData\Local\Temp\_MEI28202\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI28202\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI28202\_uuid.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\_sqlite3.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\_overlapped.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\_multiprocessing.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\_decimal.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\_cffi_backend.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\_asyncio.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\VCRUNTIME140_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI28202\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\sqlite3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI28202\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\luna.aes

C:\Users\Admin\AppData\Local\Temp\_MEI28202\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI28202\pywin32_system32\pywintypes310.dll

C:\Users\Admin\AppData\Local\Temp\_MEI28202\pywin32_system32\pythoncom310.dll

C:\Users\Admin\AppData\Local\Temp\_MEI28202\win32\win32api.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\zstandard\backend_c.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\certifi\cacert.pem

C:\Users\Admin\AppData\Local\Temp\_MEI28202\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\charset_normalizer\md.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28202\psutil\_psutil_windows.pyd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
