Malware Analysis Report

2024-09-11 03:40

Sample ID 240616-dh98esxarh
Target https://github.com/pankoza2-pl/malware
Tags
aspackv2 bootkit evasion persistence upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The submitted URL https://github.com/pankoza2-pl/malware was opened in Chrome (see Command Line under behavioral1) and the resulting activity was classified as: Likely malicious.

Attribution note: read the Process column before treating a signature as payload behaviour. Rows produced by chrome.exe (the SeShutdownPrivilege/SeCreatePagefilePrivilege token adjustments and the BIOS key queries), by MicrosoftEdge.exe, MicrosoftEdgeCP.exe and browser_broker.exe (AppContainer registry classes, rescache files, Internet Explorer\Main keys) and by LogonUI.exe (DWM and Accent values under HKEY_USERS\.DEFAULT) are consistent with background browser and logon-UI activity of the Windows 10 image rather than with the sample. The behaviour attributable to the downloaded content is the dropped C:\Users\Admin\AppData\Local\Temp\67B5.tmp\MBRPayload.exe, which opens \??\PhysicalDrive0 for modification and registers itself under the user's Run key as "Windows Update", together with the WScript.exe, schtasks.exe, taskkill.exe, reg.exe and timeout.exe invocations recorded during the detonation.

Malicious Activity Summary

aspackv2 bootkit evasion persistence upx

Disables Task Manager via registry modification

Checks computer location settings

ASPack v2.12-2.42

Executes dropped EXE

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

Adds Run key to start application

Drops file in Windows directory

Enumerates physical storage devices

Modifies registry class

Suspicious behavior: MapViewOfSection

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies registry key

Delays execution with timeout.exe

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Kills process with taskkill

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Creates scheduled task(s)

Enumerates system info in registry

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-16 03:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 03:01

Reported

2024-06-16 03:17

Platform

win10-20240404-en

Max time kernel

801s

Max time network

803s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/malware

Signatures

Disables Task Manager via registry modification

evasion

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (10 matches, no indicator detail recorded)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\AppData\\Local\\Temp\\67B5.tmp\\MBRPayload.exe" C:\Users\Admin\AppData\Local\Temp\67B5.tmp\MBRPayload.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A (2 occurrences)

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\67B5.tmp\MBRPayload.exe N/A
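MBRPayload.exe opening \??\PhysicalDrive0 for modification is the write path a bootkit uses to replace sector 0 of the boot disk. The following Python is an added example, not code from this report or from the sample repository: it parses a 512-byte MBR into its boot code, disk signature and partition table, and flags a boot loader that no longer matches a known-good digest. The two sectors it builds are constructed test data (a stand-in loader and a single NTFS entry), not bytes captured from this sample.

```python
"""Parse a 512-byte MBR and check its boot code against a known-good baseline.

Added example, not part of the sandbox report. Offsets are the classic MBR
layout: 440 bytes of loader code, 4-byte disk signature at 0x1B8, four 16-byte
partition entries at 0x1BE, and the 0x55AA boot signature at 0x1FE.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440
DISK_SIG_OFF = 440
PART_TABLE_OFF = 446
BOOT_SIG = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector into boot code, disk signature and partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        e = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, n_sectors = struct.unpack("<II", e[8:16])
        parts.append({"index": i, "bootable": e[0] == 0x80, "type": e[4],
                      "lba_start": lba_start, "sectors": n_sectors})
    return {
        "bootcode": sector[:BOOTCODE_LEN],
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": parts,
    }


def bootcode_digest(sector: bytes) -> str:
    """SHA-256 of the loader code only: partition tables legitimately change
    when a disk is repartitioned, the loader code should not."""
    return hashlib.sha256(parse_mbr(sector)["bootcode"]).hexdigest()


def check_mbr(sector: bytes, baseline_digest: str) -> list:
    """Return findings; an empty list means the sector matches the baseline."""
    findings = []
    mbr = parse_mbr(sector)
    if bootcode_digest(sector) != baseline_digest:
        findings.append("boot code differs from baseline")
    if sum(p["bootable"] for p in mbr["partitions"]) > 1:
        findings.append("more than one partition flagged active")
    for p in mbr["partitions"]:
        if p["type"] == 0 and (p["lba_start"] or p["sectors"]):
            findings.append(f"entry {p['index']}: type 0x00 but non-zero geometry")
    return findings


def build_sector(bootcode: bytes, partitions, disk_sig=0xDEADBEEF) -> bytes:
    """Assemble a synthetic MBR (constructed test data, not a captured sector)."""
    sec = bytearray(SECTOR)
    sec[:BOOTCODE_LEN] = bootcode[:BOOTCODE_LEN].ljust(BOOTCODE_LEN, b"\x00")
    struct.pack_into("<I", sec, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba, n) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        sec[off] = 0x80 if bootable else 0x00
        sec[off + 4] = ptype
        struct.pack_into("<II", sec, off + 8, lba, n)
    sec[510:512] = BOOT_SIG
    return bytes(sec)


# Constructed "known good": EB FE (jmp $) padded with NOPs, one active NTFS partition.
GOOD = build_sector(b"\xeb\xfe" + b"\x90" * 438, [(True, 0x07, 2048, 204800)])
BASELINE = bootcode_digest(GOOD)
# Constructed "tampered": identical partition table, loader code overwritten.
BAD = build_sector(b"\xeb\xfe" + b"\xcc" * 438, [(True, 0x07, 2048, 204800)])

if __name__ == "__main__":
    print("good:", check_mbr(GOOD, BASELINE) or "clean")
    print("bad: ", check_mbr(BAD, BASELINE))
```

On a live Windows host the sector is read from an elevated prompt with open(r"\\.\PhysicalDrive0", "rb").read(512), which is the same device the report shows MBRPayload.exe opening. The baseline digest must come from a trusted image of the same machine, and a bootkit that hooks the disk I/O path can hand a live reader the original sector, so an offline or hypervisor-side read is the authoritative check.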

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A (6 occurrences)
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A (2 occurrences)

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629806639268080" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a5ea8dcf9abfda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "425289025" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e7683fcf9abfda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = cc7537d59abfda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 68ad3cd89abfda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (25 occurrences)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (25 occurrences)
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5036 wrote to memory of 4964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 4964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 1464 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 1464 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 3868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/malware

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdd0309758,0x7ffdd0309768,0x7ffdd0309778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5484 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5620 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5820 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5748 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3924 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5464 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5584 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3076 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5704 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6064 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5572 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5664 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3b0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5196 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5956 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3084 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5728 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5756 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5840 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3096 --field-trial-handle=1776,i,11965856836092360964,1419978856402484495,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap9655:98:7zEvent15405

C:\Users\Admin\Downloads\PanKozaDestructive.exe

"C:\Users\Admin\Downloads\PanKozaDestructive.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\67B5.tmp\PanKoza.bat" "

C:\Windows\SysWOW64\timeout.exe

timeout 5 /nobreak

C:\Users\Admin\AppData\Local\Temp\67B5.tmp\MBRPayload.exe

MBRPayload.exe

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /TN "Windows Update" /ru SYSTEM /SC ONSTART /TR "C:\Users\Admin\AppData\Local\Temp\67B5.tmp\MBRPayload.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\67B5.tmp\note.vbs"

C:\Windows\SysWOW64\timeout.exe

timeout 3 /nobreak

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\67B5.tmp\sites.vbs"

C:\Users\Admin\AppData\Local\Temp\67B5.tmp\melter.exe

melter.exe

C:\Windows\SysWOW64\timeout.exe

timeout 6 /nobreak

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im melter.exe

C:\Windows\SysWOW64\timeout.exe

timeout 3 /nobreak

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\67B5.tmp\Craze.exe

Craze.exe

C:\Windows\SysWOW64\timeout.exe

timeout 4 /nobreak

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im craze.exe

C:\Windows\SysWOW64\timeout.exe

timeout 1

C:\Users\Admin\AppData\Local\Temp\67B5.tmp\screenscrew.exe

screenscrew.exe

C:\Windows\SysWOW64\timeout.exe

timeout 3 /nobreak

C:\Users\Admin\AppData\Local\Temp\67B5.tmp\lines.exe

lines.exe

C:\Windows\SysWOW64\timeout.exe

timeout 5 /nobreak

C:\Users\Admin\AppData\Local\Temp\67B5.tmp\INV.exe

INV.exe

C:\Windows\SysWOW64\timeout.exe

timeout 6 /nobreak

C:\Users\Admin\AppData\Local\Temp\67B5.tmp\Craze.exe

craze.exe

C:\Windows\SysWOW64\timeout.exe

timeout 8 /nobreak

C:\Windows\SysWOW64\shutdown.exe

shutdown /r /t 1000 /c "It's Your final 1000 seconds to use Windows"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0 /state0:0xa3a91055 /state1:0x41c64e6d

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

Network

Files

SHA512 9c9e11e656430d80cc724dbc63f6be0b8809af8f35ce5082fdb8c74e754702c22fe2f2c811745325daa94686e8a52422e5986d3c86b0c8de200bfaa1a7084c36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7d339be97359b6b9d2432515d4de597c
SHA1 93d21b8b51032b4e1b6af4f9efdec7c7b898b3ec
SHA256 e9b684c565b571eb8052c3429f61de60662b7cfe1ec5df0a74045591f285162f
SHA512 fe5c2fdf62bdcd345178f39445bace0bee894b7789e0881d6e206de507e8a46d3542a06a316eaf6fcf812c8267c53ec0001936336807776aeb218a793b11b405

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 619084e165b855aeaeb786964ce08afc
SHA1 d388c2b908f3e8b5a203b91b8787d7c7e142a1b5
SHA256 fbb975d360a093447c9e167584688bc5f5746f963fe28849ea1878bb07c1eaab
SHA512 bd5f8da6d3f26b9a72e5a08fd8c4f980ebaf51a82c8a8d78f7bfec0f49c02b10fb1ef5ecf2f9b53bcf3f80c9558a6a776809a41e4128cff8c6f9d110d1436acb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6859bb757f56d739e4370f338846adfc
SHA1 14d35b3910e7271a438a4e723a5edb88fbab9d8c
SHA256 1990d36c34f13686ff2a70a274dc7d6f64dd4b192f7b02d1e3ab28d32c99be4d
SHA512 f8728d1f29309f8c37714d5612421a3deb0dba36742b30410c8f9ba99fe84e76e345dab4d2306f85d4688cfefbccc80b9ea41d3cf733ed8961005c29b8963a82

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1a81bb08e499c7eab92d6b8b4f657f05
SHA1 bbf0ff7b6513cfeb45c337faa57d88539303c3cf
SHA256 b81a2749d6e084a7eb5c4214a24b113ed7a438bf36126657269003330caf9606
SHA512 8dd26996626d811ad34823a507723ac3f35beb6c7b0a799296a2bb0c6888b3dd68c5c4fa050e52553ea3079d4e0b761567fabf900583c64d373608c41be7731c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d5d69850060d739a9705c0f0f1875081
SHA1 4c872eded74e51bae6cc38549410ae3fad87b240
SHA256 a1b2db2cc67621c11d60c4fb36aae7cc8ffd12d0e00358a8c49a220a515366d2
SHA512 94a594dc9a0ae4f06b6a92f3109dc8576beb32a48785b4e96d0ec0f483717187ec7f2f32bbe660c99bcbe5301c289877cd6fb0118e67c7c3408e19e2c126923d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7a0ee3d663b57d04e8c2b35693af4b72
SHA1 95c5da8f89b8198dd9d9ea2532d9f0a9e927ea99
SHA256 052d52ebd33bf6e7928da00fdfae2510313e2f6a6aa97eca87a6de11b09bc828
SHA512 378707267d8e3eea31571d2d654ec0629ef5eb3111060253c244a16da2b38884a13b41217d1d35de7b4749ad2246bca8d93faeb6ba1ec1aeb45e92a3f02e23f3

C:\Users\Admin\Downloads\PanKozaDestructive.zip

MD5 1396cbc82c43251c541f742e589f2467
SHA1 f98dc13a6c64fb82a6baf268d4e204aa52d2e669
SHA256 de6bbdad02329e369305e75cf3ee421d56a7f9430dee20d11b6dd34291c86af9
SHA512 02ab9ab99d69ef6f633a8b536769996791f8788ba4539f81191350a5bdf9862b5d79e7bd71fae2a8738f21fc5c4e7491007fb5db45b82eddb4f995b5a949f0dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 4ac7c9299f2c6e9b9457a22fdd70eb11
SHA1 277b43c25e096403f0037279008a7822dd356b42
SHA256 ec0160793757fdf6bc1f7a26c0e4089687df42b3f6570de0826747b5869a69fd
SHA512 f31e40452fa98490fe919faba1f345e0d486cc3052054955a1d34d4e847855af05a3498e86ef00f4da56bec5564915884a0fe24d18c89d2acc7f339efc3fa5bf

memory/1900-1325-0x0000000000400000-0x00000000004F8000-memory.dmp

C:\Users\Admin\Downloads\PanKozaDestructive.exe

MD5 4860c95131365be3bfa06efd3d95b7af
SHA1 3bc68ad8b5725137ff85709988ef434088ae2c81
SHA256 7bda3690420d2b0cf562713a67b95071d9b44ac01bfabe6cab4c4acbbaa04737
SHA512 00dcca22cd2feeab004a44f8f61c8c67172c88ee4ff4fa8dd495d09606fb6f231be79c8a2707e1c8cc934ffda73445bdaeb05f5ba77034cfbce3a8af75c7f00e

C:\Users\Admin\AppData\Local\Temp\67B5.tmp\PanKoza.bat

MD5 24f0349bbf490fea5eb3acbf54bd1ba8
SHA1 e3ca3514fe098b27dac66dfaa93e035fe6ef25f0
SHA256 78c3005b4d5f500de7d540822cf2c334fc585a6a0d45da8c4af47f1500239899
SHA512 4aac8a6652c1ff52c797344299f5f21746ff1769425bcdbbe4b04fa9363619e320811a8bf8ef0c18e7d0758f38d6a33249c14c9af4a3773da61bb2d7910fa26b

C:\Users\Admin\AppData\Local\Temp\67B5.tmp\MBRPayload.exe

MD5 3aa620597abcae5c26b71e21e15b9acf
SHA1 ed797bc834050bc108a31f1511102608943391c5
SHA256 91f9327997754b0238caeff5cffced7eed3e13d5ac39dec87b329678bee8a145
SHA512 562de36b77f6cf5a369c8b434fb5605ee4169fa50c6a4df4d22c1a64dfec39d779b1fc285407ab851ef27b33061159cb1bb548079fa0d0a3d2e10517f8ee0b12

memory/3764-1347-0x0000000000400000-0x0000000000423000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\67B5.tmp\note.vbs

MD5 b41b06859fca8e157db46e6609e4a51d
SHA1 8daa0836735347c030e641abdc277bbd66662c33
SHA256 f613aec542d7967cae9d01794b7061bce5083d68c825821a5b702e97f32039c4
SHA512 4290d132c7c1ad154a3ade465e810e9fe4db5a8e0604a35d53e82a6482cd22fdd8ba74e97c0bc2e146e2bcf2ecc9afcc4e4e358e98b353168b67a71b71ced75c

C:\Users\Admin\AppData\Local\Temp\67B5.tmp\sites.vbs

MD5 5c5324b059b0abf1824a5223832b8479
SHA1 145c596bd6bfc1bfbd1a5a2aa8e5f4b3cef4ef57
SHA256 9fd517699e352ffb9fd73319eb1ec58e7e771457f6e7c1d715e0f57e1d37d733
SHA512 b8219eba1d34c83cc193b5ba2da8aa9dce4f8b221c9aac3a52256e6c2855b77be4270a629dec7e36c92652f9b5e4c1dbc84b91a3bcdca663cc3d728eada6c3e3

C:\Users\Admin\AppData\Local\Temp\67B5.tmp\melter.exe

MD5 d9baac374cc96e41c9f86c669e53f61c
SHA1 b0ba67bfac3d23e718b3bfdfe120e5446d0229e8
SHA256 a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412
SHA512 4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

memory/3976-1374-0x000001CDE4D20000-0x000001CDE4D30000-memory.dmp

memory/3976-1358-0x000001CDE4C20000-0x000001CDE4C30000-memory.dmp

memory/3976-1393-0x000001CDE20B0000-0x000001CDE20B2000-memory.dmp

memory/3644-1402-0x000001F7C14C0000-0x000001F7C15C0000-memory.dmp

memory/1900-1407-0x0000000000400000-0x00000000004F8000-memory.dmp

memory/5000-1420-0x000001F53B510000-0x000001F53B610000-memory.dmp

memory/5000-1429-0x000001F54BC10000-0x000001F54BC12000-memory.dmp

memory/5000-1427-0x000001F53B650000-0x000001F53B652000-memory.dmp

memory/5000-1425-0x000001F53B630000-0x000001F53B632000-memory.dmp

memory/5000-1453-0x000001F54C1C0000-0x000001F54C1E0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\S4B65DQJ.cookie

MD5 9ffc5cb788eacf7c8b194015bfd55735
SHA1 f9dfe5c391128f16cd4ce69bd15548443a46ebd9
SHA256 5237baf2eac4d88e75c6ccd21881bbb67b1baa738aa00464c5e6c12b37515007
SHA512 39bf842dc29c318bcbd17788d616a16ad553d93fb8d2f1b58f19234c8e2a2dfcb7bd1721006b7cf82135b14ef7c32440df21e6c89da90f54a260620ae846d41d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

MD5 9ddd6a3b6ac61ff0625fb36e3896f4b3
SHA1 23f10004e727b31b3ddeb96b64fe910c8f0dde33
SHA256 93fcb2a63f738a9796fafca68058fbcc1ec101d973d34ed79f6a8a782eb94f95
SHA512 8fede97647e206b269890c75feb6d6b163505c7616bf0aca0c2476dee8086141b6b4b91cfbc04a37a55ea9c3fd1ce197fa4ed86ddd0366d81a25e77939ff7df3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

MD5 c2ab7937f3c942835cf67555165498f5
SHA1 bc56ecdb794d467d095daf0f4c0ef17a9641a8d9
SHA256 81d99073213ad43edeb7f2a894039d79a753ff4e23bba25d82f6d9d1755e1956
SHA512 edf5bd8d52d2e2e24696f52fb105b4dc11be50fa8485affcdbdecdf2e83d563e45bc82c7bd96f85f3420ee4c71078b84c71dac7966d218437f4d25794574e0f9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 827ea698460a2fb2919313dcf81ba95e
SHA1 c7b1a6efbb96baaa3a2f212bbba2b3d9f61ab888
SHA256 7c6aa5ece1c725b74c439848cfc2a8d714be33334386864e33804c25b0994826
SHA512 ae267a9f7a366e0f3a58d81dcfede13b6aa970d90c65eedd01686f50e07cf5bf1ec1647d01a567d7a30771824e4568ce4bfeb81ca2eb6a14dd9021d1916ab509

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 686513adddb8d0ec2f3eb27597f1c6b1
SHA1 70790a3d3843fb7d2ad5c1a9b6c8c712fd19c331
SHA256 f2155ea5178be453858f9dfc65c59573af68dca5512fca87b93a15a4d26c8a68
SHA512 40c8c622e690ceca84ba343b6f282db87e90684af054975241d69bfd54bd2063ba2f457f2e555f9d9f25776011c8f6200c67a3ea550ee5059d5c8442f2547bfd

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d5fde6b3946d2530d6eebabf5f761106
SHA1 5f80a89536f0974aff84e1dda794dca68b2d1b9b
SHA256 50ff4df4fc4c01e89d98f011da31b8a21cd229787536051a559c89afeeb90538
SHA512 8b4daf9703e75d0d0df980877b6afccef055eab3d9ede31e28aeb6a667b3ede16bb858113bb5516cd5a3def08707fbe4fdadc4ce201de7442fe8c9f757d1c77a

memory/4224-1505-0x000001667A4C0000-0x000001667A5C0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CURPHQ3V\web-animations-next-lite.min[1].js

MD5 5ab6c49dc7432d357d58fa452be3bff0
SHA1 b818a372657035d83161a32d42db3503b8d64b77
SHA256 2a39e309723372fa708ad44312f539e86defc91f28fd36e71a44e3b59c36537c
SHA512 33fa611bdde181cf1db7ffffaea01eb1cea240b08b0ee8c9141edc84dabaed419049f78223b305a3ac4c0d2d047971a917bfd2a0215c8845aea9752ca3321745

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CURPHQ3V\webcomponents-ce-sd[1].js

MD5 8a3c79faed4aafeb6f033759270f4009
SHA1 2c5d1a5ccd7b4378a98e29d6c1a9a513fd700b77
SHA256 ef2634fa681d36decb5bed34ec4a9e7d330de160020e2d7566273e71284993c1
SHA512 a40a76b91a30626488848eb40a9b95ddc4e880574b1cdbda8dd397f4fac25c2315e95e2851b81210b6263529250e9b7f5780d1f796a603a9658a7e15d19b5a71

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FJT5PZ3H\intersection-observer.min[1].js

MD5 e02d881229f4e5bcee641ed3a2f5b980
SHA1 29093656180004764fc2283a6565178eb91b5ef3
SHA256 8037c1f1e0e4d3d7955f591a14a4b4d090141f1d210ef8b793ce5b345f08f7f5
SHA512 f4e8e21b91ee33879a2295215cba91e12851891165fe3f9f98913022280ef8192fd3f5def06aa8ac1fbe6d43d09034b0bb8e29e8703366a012e1fde6ff2828db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AKZ1D1LE\www-i18n-constants[1].js

MD5 877a2b1590385d79323ef992abe9e961
SHA1 f2f65882785537d6f3eeba7f02ea233f9e55672f
SHA256 ff474db3ea4409f034cbae6ae738bc80fb18734ccd38f87fcde90d02e11cfac3
SHA512 c7b9bda266c59a19476d7eaa3f6bc10d8d916345ff4195ee5932f5d5d884a487407552a29d576a9dd53dfd2588069c7376f660800f5ab7f8e1bea78cdd146e14

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_61C09DF1C88E9FAC26BDA537331B8625

MD5 3c141c8b0faa73eb498795b459d25373
SHA1 9fbe36890d31f3f602d2e40d07c5a0e54c52ac8c
SHA256 4a0519eaf8f84d79a6fbac696642dffcdb697e53286909391c18898fcc9228a7
SHA512 13c28b7bdbd4e6cbf4fcb279586f5f4c3ba7591db07046d2264a58f4ded0550ddda06e820dfab8a335f94cf167f6f340c3885cf4b917424a9dcd8e1f10434b1b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FJT5PZ3H\www-onepick[1].css

MD5 9ace9ca4e10a48822a48955cbd3f94d0
SHA1 1f0efa2ee544e5b7a98de5201fb8254b6f3eb613
SHA256 f8fdbb9c5cdceb1363bb04c5e89b3288ea30d79ef1a332e7a06c7195dd2e0ec4
SHA512 25354aeecb224fd6d863c0253cd7ad382dce7067f4147790ee0ce343f8c3e0efb84e54dd174116e7ad52d4a7e05735039fa1085b739abbe80f9e318e432eed73

memory/4224-1535-0x000001667AD20000-0x000001667AD40000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FJT5PZ3H\css2[1].css

MD5 5912f3bba71c222672dfa244a60acef0
SHA1 317a49729bb8654c3986e6b32278258a1d692d81
SHA256 48708ab3b01bc53a736f7f85e0badd9174872faa981e78b32c16c4efcaa59d99
SHA512 770f13af0d6ebe7ff9d925efccd05b0b2e5afd5fbe19770562d88936d541a298a49aea028f5122a255fb5026b4a5f37c0cf52831212ecaaf378a5769ff0379f7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_61C09DF1C88E9FAC26BDA537331B8625

MD5 7ce235d1dee8a32448518c8738bbf105
SHA1 69012a48ff2a02066e707ed3de49d6d38dbbfc98
SHA256 22c01a85dac1e6bfec8741f7751b93a0d4a4a446c6ef412b6abd85ffb554a793
SHA512 ccd32999f5a2c4ecdc61b35def458c5a88bd6a1f3e9fa4c7c26e21678552a95fe142d6c912d1711890c73bf5a80479822127824c8da735f10efe20756ae76648

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AKZ1D1LE\www-tampering[1].js

MD5 27d1118bb0893c14ba27a6a7aa9ceb1a
SHA1 67f1952f76f5bb033164ca7ed780da90fa79e303
SHA256 96c15fa1833d49039eb8b31068b40424263e516389b972b192147e90b9b49023
SHA512 56cab56feab09c3ad4bec4813c240de27b3f5aafbe7204ccc4f982876b1409f6891d802435566c72061883329e3eabe7d430ffcb97e3bfadc4f69da53b6a405d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GXXGF5SS\scheduler[1].js

MD5 0d27e3657f88acb00b70f55b2dbfe8b9
SHA1 3ed02109fb8c48810257a81285b1888512c9f86e
SHA256 37e2ffa625da376d22ecbcfcc9934a0c29e3087ede6fc3ae7f34977dbd4ad87a
SHA512 0771c07015a7e1762a08075fda3cdd86e99663e6ee0c0444c40227d0b1a33ac028e09514484d714da701d5e0f0a24699312dc2a30706fc1fb0dacca63d7a01a8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CURPHQ3V\www-main-desktop-watch-page-skeleton[1].css

MD5 64c8e3b11cfffc8ebf2240e4f46ab492
SHA1 71276680811731f983502e477a87e87cfe72d75f
SHA256 3acc199c41eb3c884ee9884c15e6b78975499be2255aa203dba38ef24440181c
SHA512 497a48233bb198e05517e2cba003c2c5ba25183e1654b5b8252b9823f0859497ccab66a77e243238b27ea6eb826ae4fc72efb2f32b2b378edee7f9dfb87f4756

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CURPHQ3V\desktop_polymer[1].js

MD5 829f3d26ea93ab6c845169b6f2145f22
SHA1 c7eb5e4194db3163858acbad089cecadbee2c360
SHA256 82d792efb30aca08858aee013f989b6eb044967ae0b718dcf78cb4d1d6ea1012
SHA512 bc4c746624df27aefc44e5befade18b778afa2b817e9fc4bf1ccedca4ff2d11bfd2382703d3ac80687c21e425d8e2f1dfdcd8c11b57b0398760019e2960ba000

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GXXGF5SS\rs=AGKMywF9MmMcy4UXEdYIeP8N9122HWgkSQ[1].css

MD5 f84b2d321c566e7d040c9069f9ca7c3f
SHA1 50561f42585379ca51bad60b6fbdecab7d1cbd6f
SHA256 ba454835d08eb878753973337ccb0d43a8f22f79994c621f65456c1687b004b7
SHA512 ba98b11a169536f78ad33a57e60f6ed08fa12a991b86a1203910b9ca1a907458598ea42af3b5f3790ccef64aa19273715c0e6a1da2d3680d3fc3592cab3bd78e

memory/1032-1551-0x0000000000400000-0x0000000000474000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\67B5.tmp\Craze.exe

MD5 ad27143d078706b7cadcbb3f63212384
SHA1 71e532c89954881636f8fe973b9ea035a9e2de6d
SHA256 0b86d60e99e9f4a3bfa60cd447ac62eda52428be564f777151c883fdf547fb26
SHA512 39d8abb4883d3db96a88e88ea76ec8cc6a11e8905eeba593789a08b7d26cf449d682b2537cda790b124e06dc94bede7a78477f941220fe47d3e7ffad3bf9868b

memory/5236-1556-0x000001BD19840000-0x000001BD19940000-memory.dmp

memory/5236-1557-0x000001BD19840000-0x000001BD19940000-memory.dmp

memory/5236-1555-0x000001BD19840000-0x000001BD19940000-memory.dmp

memory/5236-1560-0x000001BD2A0F0000-0x000001BD2A0F2000-memory.dmp

memory/5236-1566-0x000001BD2A150000-0x000001BD2A152000-memory.dmp

memory/5236-1562-0x000001BD2A110000-0x000001BD2A112000-memory.dmp

memory/1032-1575-0x0000000000400000-0x0000000000474000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\67B5.tmp\screenscrew.exe

MD5 e87a04c270f98bb6b5677cc789d1ad1d
SHA1 8c14cb338e23d4a82f6310d13b36729e543ff0ca
SHA256 e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338
SHA512 8784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13

memory/5528-1583-0x0000000000400000-0x000000000044A000-memory.dmp

memory/5608-1584-0x0000000000400000-0x000000000041D000-memory.dmp

memory/5744-1585-0x0000000000400000-0x0000000000474000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

memory/1900-1599-0x0000000000400000-0x00000000004F8000-memory.dmp

memory/5744-1602-0x0000000000400000-0x0000000000474000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3IJIJAFG\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 555b9af949f953a40e6d49335c8eed7b
SHA1 04b4e80e875d7418fffb14770133ba09df4ff327
SHA256 29e2710a481cc9af284941aba7b1bbd90bde3b3fb6d7afd826cbed1dac2a359c
SHA512 0483978cb647636d24987bee1bc41793d495df8d9516afa71806c92a4e3257bdba8e3b8ddc544afb8fd396976ee931816e43ab97ba7f13ecb5fbad659c218d19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5f7499ff8bf79bb4ce1e06b698069a55
SHA1 cc748da8da3bc42f6344e9e52c62dce94e025872
SHA256 fd0a149b75fbee7f9adfcde705b100df17beab059c652ba83a5b30c7d9f1ecf5
SHA512 9ff0334393b78baa1fc6c5db017b0bfa65f4a59701d917754f2616b6a565ea8ac74d85c1051c8a21fb71a99f21d3110eae72c7bd1bf643e99e7e32d6f663d9bf

memory/5744-1847-0x0000000000400000-0x0000000000474000-memory.dmp