Malware Analysis Report

2024-09-09 17:32

Sample ID 240613-qkv8hazhjh
Target incognito v1.1.6dev.exe
SHA256 15aa7b28eb003b5bfea6679de772a34e59372f2155a87ba8f05ce8c4118e2e3e
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

15aa7b28eb003b5bfea6679de772a34e59372f2155a87ba8f05ce8c4118e2e3e

Threat Level: Shows suspicious behavior

The file incognito v1.1.6dev.exe was found to show suspicious behavior.

Malicious Activity Summary
Executes dropped EXE

Loads dropped DLL

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Enumerates physical storage devices

Modifies data under HKEY_USERS

NTFS ADS

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:19

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:19

Reported

2024-06-13 13:41

Platform

win11-20240611-en

Max time kernel

1200s

Max time network

1177s

Command Line

"C:\Users\Admin\AppData\Local\Temp\incognito v1.1.6dev.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\incognito.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627587561791988" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\incognito.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1780 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\incognito v1.1.6dev.exe C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe
PID 1780 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\incognito v1.1.6dev.exe C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe
PID 2476 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe C:\Windows\system32\cmd.exe
PID 2476 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe C:\Windows\system32\cmd.exe
PID 3152 wrote to memory of 2344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 2728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3152 wrote to memory of 1776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\incognito v1.1.6dev.exe

"C:\Users\Admin\AppData\Local\Temp\incognito v1.1.6dev.exe"

C:\Users\Admin\AppData\Local\Temp\onefile_1780_133627584735734978\incognito.exe

"C:\Users\Admin\AppData\Local\Temp\incognito v1.1.6dev.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0x80,0x10c,0x7ff9b684ab58,0x7ff9b684ab68,0x7ff9b684ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4380 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4024 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5008 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4756 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4872 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1588 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3252 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2224 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3536 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4292 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3980 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5388 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5516 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5676 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5820 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5824 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5956 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6252 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6268 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4740 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6684 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6828 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6980 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7400 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7544 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7328 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6400 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6964 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7652 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5436 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6576 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4308 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5568 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8420 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8944 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9100 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_incognito.zip\incognito\incognito v1.1.6dev.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_incognito.zip\incognito\incognito v1.1.6dev.exe"

C:\Users\Admin\AppData\Local\Temp\onefile_5776_133627588282649715\incognito.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_incognito.zip\incognito\incognito v1.1.6dev.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\Temp1_incognito.zip\incognito\incognito v1.1.6dev.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_incognito.zip\incognito\incognito v1.1.6dev.exe"

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\incognito.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_incognito.zip\incognito\incognito v1.1.6dev.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\Temp1_incognito.zip\incognito\incognito v1.1.6dev.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_incognito.zip\incognito\incognito v1.1.6dev.exe"

C:\Users\Admin\AppData\Local\Temp\onefile_2064_133627588504626822\incognito.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_incognito.zip\incognito\incognito v1.1.6dev.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=3500 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8896 --field-trial-handle=1804,i,6122230589340762549,4620731740961526554,131072 /prefetch:2

C:\Users\Admin\Desktop\incognito\incognito\incognito v1.1.6dev.exe

"C:\Users\Admin\Desktop\incognito\incognito\incognito v1.1.6dev.exe"

C:\Users\Admin\AppData\Local\Temp\onefile_5288_133627589084616286\incognito.exe

"C:\Users\Admin\Desktop\incognito\incognito\incognito v1.1.6dev.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\Desktop\incognito\incognito\incognito v1.1.6dev.exe

"C:\Users\Admin\Desktop\incognito\incognito\incognito v1.1.6dev.exe"

C:\Users\Admin\AppData\Local\Temp\onefile_1984_133627589697386109\incognito.exe

"C:\Users\Admin\Desktop\incognito\incognito\incognito v1.1.6dev.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

Network

Country Destination Domain Proto

Files


C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\pythoncom311.dll

MD5 f98264f2dacfc8e299391ed1180ab493
SHA1 849551b6d9142bf983e816fef4c05e639d2c1018
SHA256 0fe49ec1143a0efe168809c9d48fe3e857e2ac39b19db3fd8718c56a4056696b
SHA512 6bb3dbd9f4d3e6b7bd294f3cb8b2ef4c29b9eff85c0cfd5e2d2465be909014a7b2ecd3dc06265b1b58196892bb04d3e6b0aa4b2ccbf3a716e0ff950eb28db11c

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\_queue.pyd

MD5 ff8300999335c939fcce94f2e7f039c0
SHA1 4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a
SHA256 2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78
SHA512 f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\_overlapped.pyd

MD5 01ad7ca8bc27f92355fd2895fc474157
SHA1 15948cd5a601907ff773d0b48e493adf0d38a1a6
SHA256 a083e83f609ed7a2fc18a95d44d8f91c9dc74842f33e19e91988e84db94c3b5b
SHA512 8fe6ac8430f8dde45c74f45575365753042642dc9fa9defbcf25ae1832baf6abb1ea1ad6d087e4ece5d0590e36cee1beea99845aef6182c1eec4bafdf9557604

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\_multiprocessing.pyd

MD5 1386dbc6dcc5e0be6fef05722ae572ec
SHA1 470f2715fafd5cafa79e8f3b0a5434a6da78a1ba
SHA256 0ae3bf383ff998886f97576c55d6bf0a076c24395cf6fcd2265316e9a6e8c007
SHA512 ca6e5c33273f460c951cb8ec1d74ce61c0025e2ead6d517c18a6b0365341a0fd334e8976006cd62b72eb5620ccc42cfdd5196e8b10691b8f19f69f851a440293

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\_elementtree.pyd

MD5 63629a705bffca85ce6a4539bfbdd760
SHA1 c5bf5f263e4284766cfb27d4b7417e62cce88d12
SHA256 df71d64818cfecd61ad0122bea23b685d01bd241f1b06879a2999917818b0787
SHA512 c9191b97fa40661fc5b85fc40f51a7177f7dc9e23acfc5842921631ebb7cd253736af748108c5afc03683f94fbf9c2f02fca7415303f7226f1d30c18e2dddb10

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\_decimal.pyd

MD5 d47e6acf09ead5774d5b471ab3ab96ff
SHA1 64ce9b5d5f07395935df95d4a0f06760319224a2
SHA256 d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e
SHA512 52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\win32ui.pyd

MD5 0e96b5724c2213300864ceb36363097a
SHA1 151931d9162f9e63e8951fc44a9b6d89af7af446
SHA256 85cf3081b0f1adafdbdcf164d7788a7f00e52bacdf02d1505812de4facfc962f
SHA512 46e8fee7b12f061ea8a7ab0cd4a8e683946684388498d6117afc404847b9fbb0a16dc0e5480609b1352df8f61457dcdbda317248ca81082cc4f30e29a3242d3b

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\win32clipboard.pyd

MD5 f978302365cdc748f1ee4b8d35eaafb8
SHA1 ca376874209e34f8fdb6609c06631e74682e92ed
SHA256 162d73ca6de8025d510ff7e6aa5886ae8a45567ce70be8c88048dc53ee2a295d
SHA512 43c599041c59be09065805a6df8726307974202cd4f29747285dfff741cd255bbeedf9eb042f82fa54fbc34262ab6af0f8baf8c82a0d54f3840bd6b7a07f1d0c

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\PIL\_imagingft.pyd

MD5 ab9ebce8ce3e9f3801fc8b18207127ae
SHA1 cd02f2ed4467e0de4900aac9421c6f674392810f
SHA256 a0f6b7f0b7553f775c101a94e6cc4b57b83f25ceb18542b5af14c5409977b34c
SHA512 c2a5c9cc86c91accf0b3c488d0b198e6829652b565f41ea097bbc5935434beace09b8307a7e216b66e4120cd285bc2c6a304414990f010052f349094da1aca25

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\aiohttp\_http_parser.pyd

MD5 72195fdf9ac0f84ef2f9bc32fa718e8e
SHA1 e4fc88dd5dbaa33ece59847e76571092718f4238
SHA256 0a449f5051d1732feb4b8c2348e75047bbc38ce99e6f5b1a70cb24fcce50ed47
SHA512 310586a78cd70873485e00106497c4f7ba291f13a3fe9337b62300cb8bcb705c8158aa14f1deffdbf0b454e9ea10097158d06466e5ef1a72d72112765398585f

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\yarl\_quoting_c.pyd

MD5 3ccc89b98dab137bc5af9c1e62923829
SHA1 55d93e9782094925d80e4ce27d13a0a9761b7002
SHA256 40e91aaa369a5c171c0d30630707ae9bb64412fedf149aeecfa5707a2324f770
SHA512 4ebe427c75d83c019f8d378a030ae21e07decf30cd10623115eb0cc6ad7a689159e95c7fabac82ce82cea3720fae6c6faf712b600236dad039255884872eb6c0

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\webview\lib\runtimes\win-x64\native\WebView2Loader.dll

MD5 b661cdf80deb1b542982fb0014456636
SHA1 65457c96e1eb7f03273032273696d79598e48699
SHA256 74f16550da608ec233a3e54871ec72657dff34cdef068193c1a7b554b670a1a3
SHA512 76599c58541e0ed6b679d878f03046f7e53ffba5a7b3fb1efccfa2b5e5c0d1cce75d2f2426ebb60a05014bc45a4c45771484661e55d90d787226e82d84d614c9

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\webview\lib\pywebview-android.jar

MD5 eb952c72900e46137c7a0281d19fdccf
SHA1 615b2d82684e06aa467f813e5458a1922f21b143
SHA256 3b75c4cf714e7e8092f4776efd229e1478323e2213007c041da834b91e32000e
SHA512 a342d037cb1d2597541bc207cc9cfb474f5c2b957d6763568b2a13ebbfef4e320378a78f015fd14e652767bd8f6d04612c4ade0d35be9c48b7d3c797dea57b33

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\webview\lib\WebBrowserInterop.x64.dll

MD5 3e8485e5896d6d89912ab66fd0038e46
SHA1 eb79ac9581a9ae19f56fff3354adb1e0257e0216
SHA256 f6a646470f0e1058224a52e8e2e217501dca46939b30bfc9a5dd4dcdd43f088d
SHA512 36d84c4f944d8eddc6f030cb0167bc09b2b5c1306def64e9f2dc6b7e7d8d40295c56833c5494759debe89b15e6caeaa407036cad1b81d7219fd0c89c4d51fd94

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\webview\lib\Microsoft.Web.WebView2.WinForms.dll

MD5 4cf94ffa50fd9bdc0bb93cceaede0629
SHA1 3e30eca720f4c2a708ec53fd7f1ba9e778b4f95f
SHA256 50b2e46c99076f6fa9c33e0a98f0fe3a2809a7c647bb509066e58f4c7685d7e6
SHA512 dc400518ef2f68920d90f1ce66fbb8f4dde2294e0efeecd3d9329aa7a66e1ab53487b120e13e15f227ea51784f90208c72d7fbfa9330d9b71dd9a1a727d11f98

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\webview\lib\Microsoft.Web.WebView2.Core.dll

MD5 851fee9a41856b588847cf8272645f58
SHA1 ee185a1ff257c86eb19d30a191bf0695d5ac72a1
SHA256 5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca
SHA512 cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\pythonnet\runtime\Python.Runtime.dll

MD5 d94eea13862fa10cc55075a7b595c3ee
SHA1 af8607c0a6f67917d5f9d9136d7b981caaaa6a32
SHA256 22822869023482e6d15314a8cbd7cb700e5c1ef4d89ecff65ff4144b1840da79
SHA512 591359cdf1108297c49b68dc1c375f747aad19b0dc609fe625f0e8ed16d46804ae05a14c7fa3343493589bd3e5f6e8f485d7e54b1398c3f3881b4911cb38c643

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\multidict\_multidict.pyd

MD5 53c003dec693f83c57f326b6df5d5f05
SHA1 6977ebcbf74a039501825697021c504d7cc63928
SHA256 32555defdb044714dbaaec281820fa7a0c226545d40561b905294d2e0bdba102
SHA512 2c4b9dff022d25906981d52f68a9bda8e7840597bea6cbea9bc8036392dea56fbecaedcd1b9f6547074c28b018266e424ca0ae8e66bad947544a8571f83fd2f4

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\frozenlist\_frozenlist.pyd

MD5 19a838a9f6b71d405c025c762ec67b9d
SHA1 2871b1ab459f6e4e10ba00553e7a7bb1c27a0588
SHA256 0f7538441c1668248618ee15d11414ce68642c2cbdd1636b903ecefacf88652d
SHA512 5d7b31b4ac745ea4815be122c622989fa408adaeb2f3ba37a9495497e58467dffbeb6d9cd595d49c82cae83e5869ad9a643dd9ca691f46761eb3a20a28d73a7f

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\aiohttp\_websocket.pyd

MD5 b0a9a4a202d97af404285694ea62f36e
SHA1 9ad282704bb6ad49e5a48d18b04669b46c9ec13e
SHA256 b85f7c9bf23062be8d7b9e77cd54416fdb768ceafb114c1cdb19f8b349a9377c
SHA512 984e4521bf64ebc4f8d848fcc7cecc20c5d80a3daa53f59b936d14b09bec3334358665577badfb1e127d7696872daf0c29ee1dc7a0f909c60aec4059568fa274

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\aiohttp\_http_writer.pyd

MD5 c0ecc217f88b3d8dc7d88a9eb264e406
SHA1 e97e64c8d2187a56c0de63bee9606b09cb8fb143
SHA256 164ac6adfdaaccf251526dc8af6adaebfcf04746c9c524634e59afef53a1f82b
SHA512 de76b89bc8512df6fedf4247b1ac32398fb4a80ca2c06ebea349ac22b95528d7405e25c962c20f472af5972c52a28d023f187a6daa1a2b5fedc7d1ae17993ec1

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\aiohttp\_helpers.pyd

MD5 61a41b3f6b3d2c23314f0e36efcfe981
SHA1 70d8a2fe7ed7817086f1365b52157548949fcabc
SHA256 dd1f5f5f8d3f8f8429e8fd03195a77ef4f310d0a7a4e7ba96553f534ef1dfb7d
SHA512 84cb56d8b7acb62dfd159a7b8a67af929489641b2e81ab40f024499069f6c5ffc2f0981a4b69fb8c5229c0ab9bb9834c247f207fccfab522ffb67213c1a61fc9

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\PIL\_webp.pyd

MD5 86c884d8f3d9a6fbd23c3bf3d8993e47
SHA1 dac8abb27dae677454bbfe5d8cdfdf9241dffafa
SHA256 2493c3366c3c03ca35507ac2f72659edfd6e370a824f2d0918991be147c349fa
SHA512 8bdb623006f5a56613afa91fd1088632adcfe08ebeb902b749c43dfb09cc8e4b6d81112dfb05e5f498f90876a758807a976feeb2b8432b9aad5b0930ccb1f9a8

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\PIL\_imagingmath.pyd

MD5 e824415e88584dba88b582b3f7d43069
SHA1 021f5f3dadfc1ccd957f5bd72e01bc11e50a557b
SHA256 bbebcd7385a44651d9cb456ec5a07657fcd9c62fba3731eb479e98439f814c71
SHA512 b79960c2ca10f28b282ca84a5a51a41373522d51ee32523a911f0c23859c4dfa40b4d4b6556187f223eccad0dd80c247d1a9d7c97530e8b174ba01a6902d44e7

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\clr_loader\ffi\dlls\amd64\ClrLoader.dll

MD5 e8a52f61db8eb35ef3b8211bfbb821e9
SHA1 835d394badb777e9c7e4ef59c72a309500a3971e
SHA256 4942106eb2b86a37c63eba972a2c6c5870d4ae7535075bb5252556e2ff2357f6
SHA512 48e7f25ea4a4af1dc09fe594c25e8a962304922445a1e9708873cef4578a783eea913b59cc390d0e318c9d35995f01109b9a104b6176cd8cd081449988913626

C:\Users\Admin\AppData\Local\Temp\onefile_5312_133627588405229771\PIL\_imagingcms.pyd

MD5 8a4f145e921d4d56aece2a2386ce9cea
SHA1 3c510bfb4408214f2a218129b76e28db068aec05
SHA256 550724463a5c2621ffeb484efa8936604fc6326b8c949025229f8d7c981dc9a7
SHA512 620943baff4e8993cab2aba9d36826cb59b078dcbdc750293961132442981da86511ca55b13e3f663fe28d3de57db6b65ded66fff198fbc4f9b03401770ae9cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 eddb60b65c89b8a7f7e36325b2f228f2
SHA1 7aea7630d8dc34b66f4c7efbd53b682274987e20
SHA256 c7ea24537cc6ba4993b0fd83c35bce94a362a285dd07ab240f938caef61ad054
SHA512 393aee84ea722a026edab57e66c096e807a1e94f6357857750995079f1c169fbc1cc398199dbbca64cf51296c3a9a86126d2eff9764a3583c4cb8cacfc0c1416

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\33ca449956347d94_0

MD5 4882a19506b3e9b55a60456720021c58
SHA1 57c388b02b8ff0ce0875cffee0bdf1ca571f6b6a
SHA256 ab5579be9006b5f06d345e4053e930134aa5c03bf4882c20ca6e1d173bf6a951
SHA512 a7ce0d9fdefd0f964fcb3ab2dc590fa08bc1a228dcd3edc24438471181e84855e9db7a06429226170e3778cc61201cb9a526748c8164538f97a6af6501921d24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d5e42077b85df235_0

MD5 bbc25664c4356e30f71c43682704e323
SHA1 633e73660f540bcff0c58ffc4c9266dcbfb65c33
SHA256 2349374afe9697574d1813a3d077ee2555106ae8bca80d8ac8a805dc3a5539ed
SHA512 bc75089984af24f49324eb66632891b2b51cff880df2a44108969a178b32520216391a9a6b1982b3d73c3fa03e4c89a5b63ab00fcabc02f2102061471875ee21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\260d35a45ab9cc41_0

MD5 5a65ac3c740bade677140024e277c6c7
SHA1 129fcd657bdc2ce460db146c8cbdc181583f3b07
SHA256 c08607d289d19cf1a3c61eb04a11da07b2daa366cd8245bf5c918f9644aae62d
SHA512 6cd69756100acae53f1e0d74c027d44510e43e5603ca63b860f0b4f60ebf97f6f9468824460329855c08846aa36d68e23ef2604166a244a386f55870b99fcdbf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d84e7af182e2e445_0

MD5 3273322b705eefcc12b902f4095c1a9e
SHA1 4b739758f181556cc723373f7751e8e90164f95c
SHA256 76cd0b06b022b858e3ad6780fe0036b2bc628e41e3f7dd8383dea9488ff80121
SHA512 deec1ea21cd39e66f1e007f7544948141a5a4165b27be4f4a60b9541a4b160feeb482cb663a84288496c84e6059f1fbefa06c838f22982d32836c4544c6f8c9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\83f6302faf3ce757_0

MD5 8187dcce31756a9743062376a2d9a764
SHA1 a8359073a95c30f187aae25030a3e13a6868d138
SHA256 8d974ab86312295281ff7b9957c1093494fd64e75bd9aa466e4637e82bbb365a
SHA512 1c6ce7a312b82b9df89b1f3ba0699753aa291073de75afd40d0e57248d1adde3edd4eadbd565919f7740886090d2c5c0269ed79f01db279e83c95d347ee2f4ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\13986ccd40e3a0f0_0

MD5 8d2d77e652820495572d81a4610e28c9
SHA1 076b0d7adb2c0a85df1683548ea5bdb3f1cff9a5
SHA256 0a37b1a7c70a2dfa2a47eef801b1aa9efe53da18014e96ddc60defa56f0855de
SHA512 a9a19004a08b8d3af19a8455f9e6763eb4d188c2796092e838c00722de9c8356fe881574036eabdc80325097e8c4cde374e0f5d59d6046badb432335f6b0ac33

memory/6032-982-0x000001D84E290000-0x000001D84E390000-memory.dmp

memory/6032-983-0x000001D84E420000-0x000001D84E42A000-memory.dmp

memory/6032-984-0x00007FF9ACD40000-0x00007FF9ACD4A000-memory.dmp

memory/6032-981-0x000001D84E290000-0x000001D84E390000-memory.dmp

memory/6032-986-0x000001D84E4F0000-0x000001D84E50A000-memory.dmp

memory/6032-985-0x000001D84E630000-0x000001D84E6A0000-memory.dmp

memory/6032-987-0x000001D84E4E0000-0x000001D84E4E8000-memory.dmp

memory/6032-988-0x000001D84E630000-0x000001D84E638000-memory.dmp

memory/6032-989-0x000001D84E6B0000-0x000001D84E6D2000-memory.dmp

memory/6032-996-0x000001D867210000-0x000001D8677B6000-memory.dmp

memory/6032-999-0x000001D84E690000-0x000001D84E698000-memory.dmp

memory/6032-1000-0x000001D84E680000-0x000001D84E688000-memory.dmp

memory/6032-1001-0x000001D84E680000-0x000001D84E688000-memory.dmp

memory/6032-1006-0x000001D866CE0000-0x000001D866D5E000-memory.dmp

memory/6032-1011-0x000001D84E680000-0x000001D84E68E000-memory.dmp

memory/6032-1016-0x000001D84E890000-0x000001D84E898000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 606800c46c46cc9dc0a41d4cd3104e5a
SHA1 9faa2abc2a2fcab0a798066bb192720326f46d0f
SHA256 a16b32cbae69b8da83a2fc3ef7e5b1d5361ff9b9e96792b6747ddb050550b348
SHA512 8c014bf6c9078a18457a3c9525ec08d9382c3919794cc1b2d1b6eacd9b0a71aa9e1ddcad72a092cae3191e9644804adb0aa21014703bc6f6ba6e42a15e66fb4a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 74c54027f167c3dce9bdb81aae892e3b
SHA1 95a8e95e0aa0e9dfe8b9abd9cfb6ee2ce13c4464
SHA256 3f2c49a5898d424d4fbe58e3ea10ab8f67d8f12b525f7dcf9152912b7e724804
SHA512 966c70498d2bb703cdcd87828eb8531a9120afe298675a52a60fab7217294f5c3fa7539293227ba4d023bb72c059f4738c84d32e48ce9e3654bcdd6d275acd6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b6f13c9fe76de03d0d684d0cfe5db63e
SHA1 2a0d0feedc995d7991e31adef600c06486188ef6
SHA256 32d5261cb66f8ad582beb973b24474236c8fa110794fbdc65e35f6b8af1b7967
SHA512 3d2749cbb12f2ea55bf33ccf5c0377a28034a0dd371f07f4fb02ee3bdec7ea21321ef452e71f557eede25b40291419a40e833038ddd6248bd2aebc55aa4cf5ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9ce641b59a77f8bf45bb2ad68531e4f5
SHA1 ecdf2ec36499801bfebf2075d9d6da0f384cf725
SHA256 ef95a78c386652cb9c44f17656b87785dad1f66bcd376be2718efba842a19bec
SHA512 f474d78c63864bd02b91ae7f64001abaef74a06802d14cb038a430f6a5d7a348d82bc58022a2367d7114b28d2876072ab751eca5e28cfa3ae06553da3a6a5fa5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 643c76ccb1ee6a98f2cad5d6ca52815d
SHA1 2e7d64d77c533472adaece133f1542ea90a26a88
SHA256 03d12afb5e5f1715f719e47413b2d3ce9b996ba6a6dbc4d5bc3283c68d9b8830
SHA512 c687036de1b55beb15503c9b32a619e9a3003d837af0dd9977aa5af71b1a2089231e296ffe4088639bf3cdc473da15fd9887f6a44cf8ee319e0f9fad1ed1a8ed

C:\Users\Admin\AppData\Local\Temp\tmpgc7nfsaa.dx

MD5 2d6ad8f5e8961ad6c19bac56093c84f0
SHA1 8060e01378de33df80320f3a3c1158c9f61f9ff3
SHA256 7892119c9e4b815c07b93d2bc8f7310b16064734a99affae694ca6b81b5ea0b4
SHA512 63177b3273ca0687035c7226a70e590ae36385ed5c28e9d793ea393e528685f88496f9f921a39f304aa7f83f9774d33f04f1d49124ac8c50842e76634a389a36

memory/5372-1308-0x0000023A494C0000-0x0000023A495C0000-memory.dmp

memory/5372-1309-0x0000023A494C0000-0x0000023A495C0000-memory.dmp

memory/5372-1311-0x00007FF9B6190000-0x00007FF9B619A000-memory.dmp

memory/5372-1310-0x0000023A49770000-0x0000023A4977A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:19

Reported

2024-06-13 13:21

Platform

android-x64-arm64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A