Malware Analysis Report

2024-09-11 03:32

Sample ID 240619-xq8t4ssanq
Target MEMZ-virus
SHA256 ba6159b11414792ad9fe0fd3a11dea2c006c87580178aa6ca80e2917537b1fb2
Tags
discovery evasion exploit persistence trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ba6159b11414792ad9fe0fd3a11dea2c006c87580178aa6ca80e2917537b1fb2

Threat Level: Known bad

The file MEMZ-virus was found to be: Known bad.

Malicious Activity Summary

discovery evasion exploit persistence trojan

Modifies WinLogon for persistence

UAC bypass

Possible privilege escalation attempt

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Modifies system executable filetype association

Checks computer location settings

Executes dropped EXE

Modifies file permissions

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Enumerates system info in registry

System policy modification

Modifies registry class

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Control Panel

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Winlogon Helper DLL
T1547.004
Event Triggered Execution
T1546
Change Default File Association
T1546.001
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Winlogon Helper DLL
T1547.004
Abuse Elevation Control Mechanism
T1548
Bypass User Account Control
T1548.002
Event Triggered Execution
T1546
Change Default File Association
T1546.001
Defense Evasion
TA0005
Modify Registry
T1112
Abuse Elevation Control Mechanism
T1548
Bypass User Account Control
T1548.002
Impair Defenses
T1562
Disable or Modify Tools
T1562.001
File and Directory Permissions Modification
T1222
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-19 19:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-19 19:04

Reported

2024-06-19 19:22

Platform

win7-20240508-en

Max time kernel

912s

Max time network

843s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\MEMZ-virus

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2420 wrote to memory of 2460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\MEMZ-virus

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6aa9758,0x7fef6aa9768,0x7fef6aa9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1212,i,2084887143024907180,10954750639740022837,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1212,i,2084887143024907180,10954750639740022837,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1212,i,2084887143024907180,10954750639740022837,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1212,i,2084887143024907180,10954750639740022837,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1212,i,2084887143024907180,10954750639740022837,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1456 --field-trial-handle=1212,i,2084887143024907180,10954750639740022837,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1412 --field-trial-handle=1212,i,2084887143024907180,10954750639740022837,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 --field-trial-handle=1212,i,2084887143024907180,10954750639740022837,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1401d7688,0x1401d7698,0x1401d76a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3408 --field-trial-handle=1212,i,2084887143024907180,10954750639740022837,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3016 --field-trial-handle=1212,i,2084887143024907180,10954750639740022837,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2424 --field-trial-handle=1212,i,2084887143024907180,10954750639740022837,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2120 --field-trial-handle=1212,i,2084887143024907180,10954750639740022837,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1700 --field-trial-handle=1212,i,2084887143024907180,10954750639740022837,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2028 --field-trial-handle=1212,i,2084887143024907180,10954750639740022837,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp

Files

\??\pipe\crashpad_2420_DGEOUCOAQMVSGAZB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 046310e7b7f5664c234bf264dd44d45c
SHA1 c1836dca617c3f0f950af3ae87aed9f78e5b94ab
SHA256 ef5a5d4005e59f548cea6dbd1a3017f20edc0938bab9121b24211f69d5ae8fb6
SHA512 7e3c1a87cba46baf3336995b1b65f05366ac634be532ed093a1b29c53d5a82071e526149f1609c2c18d4c1bf1ec512e63ab3b559a098438c2014a5981cc2b3a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b92e29528cfe5b6d530feba264055412
SHA1 90a05468fc4c7ee4d719114b0efc67d261e4e83f
SHA256 27b82f25fb3df54d3691f709495d8095629bab827746d91c912fd0a66b31728b
SHA512 b1cec60b64296aba39b477c0ca17a87400576eac73070df8ece21dd1d30660f784b818f6e5ab38aebb5ecddf9f8828dbaec4c8696d7ad7e38e6e2218274a6d5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 370b0c1a19c80c094745bd7a803f5a55
SHA1 0caaca587b9ec8719a3cb34d7520501ac9f85b3e
SHA256 98e695962118ec6ca3bae2142a6666d4ea7bc9b8248263e6b2e8cedfa51d65eb
SHA512 cb15c5664b11555149411ccf3a6322000a3d2b4dee25b1e477eff7c5a0ce3444d9a04faec4a382d912c5331f086960a61ffc25a5d580c3ed5350dfddbf99dd48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7bbcae14b3d3e04720734e7307694fc8
SHA1 a4d2476e4f527af9e7aec5df28a5a0e305701646
SHA256 9cead10d5b19d807f22ae01f23aabd75d454fc4c0ece5ef811d0ae93a77e2580
SHA512 65a495877fb9e0ea472df4effc811b82dbb71c2e2b2a3d68025a3ac97266dab4567767b19ca7917bcd6662e1145c25ee3d820332469e7c64b4257c780fc71d63

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 24587662031970401420dd7ad765cecf
SHA1 f53e8350fc19f3da4a7a1053cd0f01457bf85082
SHA256 71970c9e75f347534291ab5f89ca2a452eac3a195d703f90add838fcab0f80e0
SHA512 c791907124f0918c8b2639af384348be3eb03385b5d6f6ae887759fbd3b03e0138f12345d190ad44dc4180c0e11f30475143209ab275b665b481735c75e2e288

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\45b3cfed-58c5-4740-b571-efaa8701689f.tmp

MD5 d678469debf59015d108f205d156298f
SHA1 ca4b1c2422f3aba7da9011db2b8140fd3496e662
SHA256 d35421de9f9b5e31393003b37d559573880f548a580654cfdacf969085a7eb68
SHA512 29d7c45c87c7e1c74c54504e07bebaaa3a3db9b19773858e871aa2f8994b7162e7e3621265c8c053df22383c23494b67b7393ea49027ae4c165de8b3a0446342

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-19 19:04

Reported

2024-06-19 19:09

Platform

win10v2004-20240611-en

Max time kernel

300s

Max time network

304s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\MEMZ-virus

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\Program Files\\MicrosoftWindowsServicesEtc\\xRunReg.vbs\"" C:\Windows\system32\wscript.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\disableregistrytools = "1" C:\Windows\system32\wscript.exe N/A

Disables Task Manager via registry modification

evasion

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\System32\takeown.exe N/A
N/A N/A C:\Windows\System32\icacls.exe N/A
N/A N/A C:\Windows\System32\takeown.exe N/A
N/A N/A C:\Windows\System32\icacls.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation C:\Windows\system32\wscript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\MrsMajor 2.0.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\MrsMajor 2.0.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\MrsMajor 2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\eula32.exe N/A
N/A N/A C:\Users\Admin\Desktop\MrsMajor 2.0.exe N/A
N/A N/A C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe N/A
N/A N/A C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\System32\takeown.exe N/A
N/A N/A C:\Windows\System32\icacls.exe N/A
N/A N/A C:\Windows\System32\takeown.exe N/A
N/A N/A C:\Windows\System32\icacls.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon C:\Windows\system32\wscript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" C:\Windows\system32\wscript.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MajorX = "wscript.exe \"C:\\Users\\Admin\\AppData\\Local\\Temp\\xRun.vbs\"" C:\Windows\system32\wscript.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A drive.google.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\taskmgr.exe C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Windows\System32\sethc.exe C:\Windows\system32\cmd.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\program files\MicrosoftWindowsServicesEtc\data\excursor.ani C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\weird\Major.vbs C:\Windows\system32\wscript.exe N/A
File opened for modification C:\program files\MicrosoftWindowsServicesEtc\AppKill.bat C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\example.txt C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\CallFunc.vbs C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\data\runner32s.exe C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\majorlist.exe C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\NotMuch.exe C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\weird\majorlist.bat C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\WinScrew.exe C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\DgzRun.vbs C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\GetReady.exe C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\weird\bsod.bat C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\weird\GetReady.bat C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\majorsod.exe C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\weird\majorsod.vbs C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\checker.bat C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\clingclang.wav C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\data\fileico.ico C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\data\thetruth.jpg C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\fexec.vbs C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\majordared.exe C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\xRun.vbs C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\AppKill.bat C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\data\eula32.exe C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\rsod.exe C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\weird\breakrule.vbs C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\weird\RuntimeChecker.vbs C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\breakrule.exe C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\bsod.exe C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\healgen.vbs C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\Major.exe C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\RuntimeChecker.exe C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\weird\WinScrew.bat C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\weird\cmd.vbs C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\weird\runner32s.vbs C:\Windows\system32\wscript.exe N/A
File created C:\program files\MicrosoftWindowsServicesEtc\xRunReg.vbs C:\Windows\system32\wscript.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\Cursors C:\Windows\system32\wscript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\Cursors\Arrow = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani" C:\Windows\system32\wscript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\Cursors\AppStarting = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani" C:\Windows\system32\wscript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\Cursors\Hand = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani" C:\Windows\system32\wscript.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "120" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133632975356690456" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon C:\Windows\system32\wscript.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" C:\Windows\system32\wscript.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" C:\Windows\system32\wscript.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "3" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4204450073-1267028356-951339405-1000\{F86875C0-4FCD-4BF4-9E35-88C69F3D2D2D} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3164 wrote to memory of 4308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 2052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 2052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system C:\Windows\system32\wscript.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\MEMZ-virus

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee2b9ab58,0x7ffee2b9ab68,0x7ffee2b9ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3676 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3996 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff674b2ae48,0x7ff674b2ae58,0x7ff674b2ae68

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4732 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4076 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2296 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4968 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4572 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5268 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5520 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3200 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2516 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5412 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1700 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5456 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3528 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5620 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5636 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5384 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5600 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5412 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5744 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4172 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5704 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=2308 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=1684 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4944 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5532 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=1912 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6100 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6512 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6532 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6832 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6768 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6708 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6720 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7072 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7352 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=7632 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7824 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=7976 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7864 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=6288 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=6276 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=7088 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=7992 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=7140 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=8344 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=8400 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=8408 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=8296 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=7288 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=8980 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=9024 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=9364 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=9388 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=9676 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=7604 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=9692 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=9132 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=9124 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=6952 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=7588 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=7520 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=8996 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9148 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9492 --field-trial-handle=1900,i,941879872076602777,10774062266608707327,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\MrsMajor 2.0.exe

"C:\Users\Admin\Desktop\MrsMajor 2.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\5A03.tmp\5A04.vbs

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c cd\&cd "C:\Users\Admin\AppData\Local\Temp" & eula32.exe

C:\Users\Admin\AppData\Local\Temp\eula32.exe

eula32.exe

C:\Users\Admin\Desktop\MrsMajor 2.0.exe

"C:\Users\Admin\Desktop\MrsMajor 2.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\7135.tmp\7136.vbs

C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe

"C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1\93D0.bat "C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe""

C:\Windows\System32\takeown.exe

takeown /f taskmgr.exe

C:\Windows\System32\icacls.exe

icacls taskmgr.exe /granted "Admin":F

C:\Windows\System32\takeown.exe

takeown /f sethc.exe

C:\Windows\System32\icacls.exe

icacls sethc.exe /granted "Admin":F

C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe

"C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe"

C:\Windows\System32\shutdown.exe

"C:\Windows\System32\shutdown.exe" -r -t 5

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3896055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 147.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 clients2.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.238:443 consent.google.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.21:443 collector.github.com tcp
US 140.82.112.21:443 collector.github.com tcp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.111.133:443 camo.githubusercontent.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 drive.google.com udp
US 8.8.8.8:53 drive.usercontent.google.com udp
GB 142.250.179.225:443 drive.usercontent.google.com tcp
GB 142.250.179.225:443 drive.usercontent.google.com tcp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 tiny.cc udp
US 157.245.113.153:443 tiny.cc tcp
US 157.245.113.153:443 tiny.cc tcp
GB 142.250.187.238:443 drive.google.com udp
US 8.8.8.8:53 153.113.245.157.in-addr.arpa udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 content.googleapis.com udp
US 8.8.8.8:53 blobcomments-pa.clients6.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.200.42:443 blobcomments-pa.clients6.google.com tcp
IE 209.85.203.84:443 accounts.google.com udp
GB 142.250.200.42:443 blobcomments-pa.clients6.google.com udp
GB 172.217.169.10:443 content.googleapis.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 peoplestackwebexperiments-pa.clients6.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 35.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 171.117.168.52.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.187.227:443 id.google.com tcp
US 8.8.8.8:53 www-ezyzip-com.webpkgcache.com udp
GB 216.58.212.225:443 www-ezyzip-com.webpkgcache.com tcp
GB 216.58.212.225:443 www-ezyzip-com.webpkgcache.com udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.213.22:443 i.ytimg.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 extract.me udp
US 104.21.41.37:443 extract.me tcp
US 104.21.41.37:443 extract.me tcp
GB 172.217.169.46:443 play.google.com tcp
US 104.21.41.37:443 extract.me udp
US 8.8.8.8:53 id.123apps.com udp
US 8.8.8.8:53 s85.extract.me udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.147.23:443 connect.facebook.net tcp
GB 142.250.200.14:443 www.youtube.com udp
US 104.26.15.12:443 id.123apps.com tcp
DE 168.119.136.85:443 s85.extract.me tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 104.26.15.12:443 id.123apps.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 37.41.21.104.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 12.15.26.104.in-addr.arpa udp
US 8.8.8.8:53 85.136.119.168.in-addr.arpa udp
BE 64.233.166.156:443 stats.g.doubleclick.net tcp
GB 142.250.200.3:443 www.google.co.uk tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
IE 209.85.203.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:443 google.com tcp
US 8.8.8.8:53 e2c50.gcp.gvt2.com udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 156.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 35.212.16.125:443 e2c50.gcp.gvt2.com tcp
US 8.8.8.8:53 e2c42.gcp.gvt2.com udp
DE 35.207.191.46:443 e2c42.gcp.gvt2.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 125.16.212.35.in-addr.arpa udp
US 8.8.8.8:53 46.191.207.35.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 172.217.169.3:443 beacons.gvt2.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.250.187.227:443 id.google.com udp
GB 216.58.212.225:443 www-ezyzip-com.webpkgcache.com udp
US 8.8.8.8:53 cdn.fuseplatform.net udp
US 8.8.8.8:53 www.ezyzip.com udp
US 8.8.8.8:53 kit.fontawesome.com udp
US 8.8.8.8:53 ajax.cloudflare.com udp
US 8.8.8.8:53 cdn.filesizejs.com udp
BE 88.221.83.131:443 cdn.fuseplatform.net tcp
US 104.18.40.68:443 kit.fontawesome.com tcp
US 104.21.20.195:443 cdn.filesizejs.com tcp
US 172.67.69.234:443 www.ezyzip.com tcp
US 104.17.73.14:443 ajax.cloudflare.com tcp
US 172.67.69.234:443 www.ezyzip.com udp
US 8.8.8.8:53 assets.pinterest.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 151.101.188.84:443 assets.pinterest.com tcp
US 8.8.8.8:53 ka-f.fontawesome.com udp
US 8.8.8.8:53 www.dropbox.com udp
US 172.67.139.119:443 ka-f.fontawesome.com tcp
US 172.67.139.119:443 ka-f.fontawesome.com tcp
US 172.67.139.119:443 ka-f.fontawesome.com tcp
US 172.67.139.119:443 ka-f.fontawesome.com tcp
US 151.101.188.84:443 assets.pinterest.com udp
GB 162.125.64.18:443 www.dropbox.com tcp
BE 64.233.166.156:443 stats.g.doubleclick.net udp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 68.40.18.104.in-addr.arpa udp
US 8.8.8.8:53 195.20.21.104.in-addr.arpa udp
US 8.8.8.8:53 234.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 131.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 14.73.17.104.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 84.188.101.151.in-addr.arpa udp
US 8.8.8.8:53 119.139.67.172.in-addr.arpa udp
US 8.8.8.8:53 18.64.125.162.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 172.67.139.119:443 ka-f.fontawesome.com udp
GB 216.58.213.6:443 static.doubleclick.net udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 cmp.inmobi.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
FR 52.222.149.52:443 cmp.inmobi.com tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
BE 88.221.83.131:443 cdn.fuseplatform.net tcp
US 3.165.118.121:443 c.amazon-adsystem.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
FR 52.222.149.52:443 cmp.inmobi.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 3.165.118.121:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
FR 52.84.174.40:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 104.22.74.216:443 btloader.com tcp
US 8.8.8.8:53 log.pinterest.com udp
US 8.8.8.8:53 121.118.165.3.in-addr.arpa udp
US 8.8.8.8:53 52.149.222.52.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 40.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 151.101.128.84:443 log.pinterest.com tcp
US 8.8.8.8:53 api.cmp.inmobi.com udp
DE 18.157.128.118:443 api.cmp.inmobi.com tcp
DE 18.157.128.118:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 84.128.101.151.in-addr.arpa udp
US 8.8.8.8:53 118.128.157.18.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 6.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 57ed287bb06512de77916a65b91803fb.safeframe.googlesyndication.com udp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
GB 18.245.143.83:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 prg-apac.smartadserver.com udp
US 8.8.8.8:53 publift-d.openx.net udp
GB 172.217.169.65:443 57ed287bb06512de77916a65b91803fb.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 ssc.33across.com udp
US 8.8.8.8:53 i.connectad.io udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 a.teads.tv udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 tlx.3lift.com udp
FR 18.155.124.109:443 aax.amazon-adsystem.com tcp
NL 145.40.97.67:443 prebid.a-mo.net tcp
FR 91.134.110.129:443 prg-apac.smartadserver.com tcp
FR 91.134.110.129:443 prg-apac.smartadserver.com tcp
US 34.149.20.76:443 ssc.33across.com tcp
US 34.149.20.76:443 ssc.33across.com tcp
NL 185.89.210.141:443 ib.adnxs.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
NL 178.250.1.8:443 bidder.criteo.com tcp
IE 34.253.137.153:443 ap.lijit.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 35.244.159.8:443 publift-d.openx.net tcp
GB 2.21.189.110:443 a.teads.tv tcp
US 104.22.55.206:443 i.connectad.io tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
IE 52.49.45.15:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 match.adsrvr.org udp
US 35.71.131.137:443 match.adsrvr.org tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.228.202:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 d.turn.com udp
NL 46.228.164.13:443 d.turn.com tcp
US 8.8.8.8:53 65.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 83.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 109.124.155.18.in-addr.arpa udp
US 8.8.8.8:53 67.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 129.110.134.91.in-addr.arpa udp
US 8.8.8.8:53 76.20.149.34.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 141.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 153.137.253.34.in-addr.arpa udp
US 8.8.8.8:53 112.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 206.55.22.104.in-addr.arpa udp
US 8.8.8.8:53 110.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 15.45.49.52.in-addr.arpa udp
US 8.8.8.8:53 137.131.71.35.in-addr.arpa udp
US 8.8.8.8:53 202.228.220.67.in-addr.arpa udp
NL 46.228.164.13:443 d.turn.com tcp
US 8.8.8.8:53 rtb.gumgum.com udp
IE 99.80.191.128:443 rtb.gumgum.com tcp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 trace-eu.mediago.io udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 u.openx.net udp
IE 34.253.242.146:443 match.prod.bidr.io tcp
FR 18.164.52.116:443 s.ad.smaato.net tcp
US 64.74.236.31:443 b1sync.zemanta.com tcp
NL 35.214.168.80:443 trace-eu.mediago.io tcp
US 8.8.8.8:53 ce.lijit.com udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
IE 63.32.136.184:443 ce.lijit.com tcp
US 8.8.8.8:53 s0.2mdn.net udp
NL 178.250.1.3:443 static.criteo.net tcp
GB 216.58.204.70:443 s0.2mdn.net tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 128.191.80.99.in-addr.arpa udp
US 8.8.8.8:53 80.168.214.35.in-addr.arpa udp
US 8.8.8.8:53 146.242.253.34.in-addr.arpa udp
US 8.8.8.8:53 31.236.74.64.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 13.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 116.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 uipglob.semasio.net udp
US 172.64.151.101:443 dsum-sec.casalemedia.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
DK 77.243.51.121:443 uipglob.semasio.net tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
FR 5.135.209.101:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 dis.eu.criteo.com udp
NL 178.250.1.9:443 dis.eu.criteo.com tcp
US 8.8.8.8:53 sync.inmobi.com udp
US 8.8.8.8:53 amazon-tam-match.dotomi.com udp
US 20.253.0.30:443 sync.inmobi.com tcp
NL 89.207.16.140:443 amazon-tam-match.dotomi.com tcp
GB 142.250.200.34:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 se.semasio.net udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 121.51.243.77.in-addr.arpa udp
US 8.8.8.8:53 101.209.135.5.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
DK 77.243.51.121:443 se.semasio.net tcp
US 8.8.8.8:53 140.16.207.89.in-addr.arpa udp
DE 52.57.239.98:443 match.sharethrough.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
GB 2.21.188.239:443 ads.pubmatic.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
IE 67.220.228.202:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 ssp.disqus.com udp
US 8.8.8.8:53 stx-match.dotomi.com udp
US 23.22.229.130:443 ssp.disqus.com tcp
NL 63.215.202.140:443 stx-match.dotomi.com tcp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 eb2.3lift.com udp
US 13.248.245.213:443 eb2.3lift.com tcp
US 8.8.8.8:53 c1.adform.net udp
US 64.74.236.31:443 b1sync.zemanta.com tcp
GB 172.217.169.3:443 beacons.gvt2.com udp
DK 37.157.2.228:443 c1.adform.net tcp
US 8.8.8.8:53 image6.pubmatic.com udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 s2s.yieldlove-ad-serving.net udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 64.74.236.31:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 tracker-shr.ortb.net udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 sync.adkernel.com udp
NL 198.47.127.19:443 image6.pubmatic.com tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
US 54.164.16.2:443 sync.srv.stackadapt.com tcp
NL 35.214.177.221:443 csync.loopme.me tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 147.135.71.203:443 tracker-shr.ortb.net tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
DE 52.29.50.107:443 s2s.yieldlove-ad-serving.net tcp
US 8.8.8.8:53 ums.acuityplatform.com udp
NL 77.245.57.72:443 sync.adkernel.com tcp
US 8.8.8.8:53 sync.serverbid.com udp
US 8.8.8.8:53 aorta.clickagy.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 77.245.57.72:443 sync.adkernel.com tcp
US 8.8.8.8:53 98.239.57.52.in-addr.arpa udp
US 8.8.8.8:53 30.0.253.20.in-addr.arpa udp
US 8.8.8.8:53 239.188.21.2.in-addr.arpa udp
US 8.8.8.8:53 140.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 130.229.22.23.in-addr.arpa udp
US 8.8.8.8:53 147.128.46.52.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 19.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 228.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 221.177.214.35.in-addr.arpa udp
NL 154.59.122.79:443 ums.acuityplatform.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
FR 13.249.9.36:443 sync.serverbid.com tcp
US 52.204.155.235:443 aorta.clickagy.com tcp
US 8.8.8.8:53 tr.blismedia.com udp
US 8.8.8.8:53 eu-u.openx.net udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 34.96.105.8:443 tr.blismedia.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
IE 99.81.105.107:443 pr-bh.ybp.yahoo.com tcp
US 8.8.8.8:53 ad.turn.com udp
US 8.8.8.8:53 dis.criteo.com udp
NL 46.228.164.11:443 ad.turn.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 cr.frontend.weborama.fr udp
US 8.8.8.8:53 mwzeom.zeotap.com udp
US 8.8.8.8:53 um.simpli.fi udp
IE 52.17.40.72:443 sync.crwdcntrl.net tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
US 104.22.51.98:443 mwzeom.zeotap.com tcp
NL 35.204.74.118:443 um.simpli.fi tcp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 simage2.pubmatic.com udp
GB 185.64.191.210:443 image2.pubmatic.com tcp
GB 185.64.191.210:443 image2.pubmatic.com tcp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
US 8.8.8.8:53 sync.targeting.unrulymedia.com udp
US 34.111.129.221:443 cr.frontend.weborama.fr udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 image4.pubmatic.com udp
NL 198.47.127.20:443 image4.pubmatic.com tcp
NL 198.47.127.20:443 image4.pubmatic.com tcp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 72.57.245.77.in-addr.arpa udp
US 8.8.8.8:53 107.50.29.52.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 2.16.164.54.in-addr.arpa udp
US 8.8.8.8:53 79.122.59.154.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 203.71.135.147.in-addr.arpa udp
US 8.8.8.8:53 235.155.204.52.in-addr.arpa udp
US 8.8.8.8:53 8.105.96.34.in-addr.arpa udp
US 8.8.8.8:53 163.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 107.105.81.99.in-addr.arpa udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 221.129.111.34.in-addr.arpa udp
US 8.8.8.8:53 72.40.17.52.in-addr.arpa udp
US 8.8.8.8:53 98.51.22.104.in-addr.arpa udp
US 8.8.8.8:53 118.74.204.35.in-addr.arpa udp
US 8.8.8.8:53 210.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 20.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 simage4.pubmatic.com udp
US 34.149.20.76:443 ssc.33across.com udp
US 104.22.55.206:443 i.connectad.io udp
US 35.244.159.8:443 eu-u.openx.net udp
US 8.8.8.8:53 cms.quantserve.com udp
DE 91.228.74.159:443 cms.quantserve.com tcp
US 8.8.8.8:53 pixel.onaudience.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 dsp.nrich.ai udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
FR 141.94.171.215:443 pixel.onaudience.com tcp
FR 51.68.39.188:443 dsp.nrich.ai tcp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 151.101.194.49:443 sync-tm.everesttech.net tcp
GB 216.58.204.70:443 s0.2mdn.net udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
NL 81.17.55.97:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 ad.mrtnsvr.com udp
US 8.8.8.8:53 159.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 215.171.94.141.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 188.39.68.51.in-addr.arpa udp
US 8.8.8.8:53 118.159.114.85.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 49.194.101.151.in-addr.arpa udp
GB 216.58.204.70:443 s0.2mdn.net udp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 8.8.8.8:53 bh.contextweb.com udp
NL 35.214.177.221:443 csync.loopme.me tcp
US 8.8.8.8:53 d5p.de17a.com udp
NL 208.93.169.131:443 bh.contextweb.com tcp
SE 213.155.156.185:443 d5p.de17a.com tcp
US 8.8.8.8:53 ipac.ctnsnet.com udp
US 8.8.8.8:53 p.rfihub.com udp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
NL 193.0.160.131:443 p.rfihub.com tcp
US 8.8.8.8:53 cm-supply-web.gammaplatform.com udp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 97.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 6.163.102.34.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 185.156.155.213.in-addr.arpa udp
US 8.8.8.8:53 173.193.186.35.in-addr.arpa udp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 core.iprom.net udp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
US 8.8.8.8:53 match.adsby.bidtheatre.com udp
FR 141.94.171.215:443 pixel.onaudience.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
NL 64.227.64.62:443 match.adsby.bidtheatre.com tcp
NL 63.215.202.172:443 pubmatic-match.dotomi.com tcp
SI 195.5.165.20:443 core.iprom.net tcp
US 8.8.8.8:53 ps.eyeota.net udp
DE 3.124.210.90:443 ps.eyeota.net tcp
US 8.8.8.8:53 62.64.227.64.in-addr.arpa udp
US 8.8.8.8:53 172.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 20.165.5.195.in-addr.arpa udp
US 8.8.8.8:53 90.210.124.3.in-addr.arpa udp
US 8.8.8.8:53 cm.adgrx.com udp
US 8.8.8.8:53 green.erne.co udp
IE 52.215.155.11:443 cm.adgrx.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
FR 141.94.242.206:443 green.erne.co tcp
US 8.8.8.8:53 a.tribalfusion.com udp
US 8.8.8.8:53 matching.truffle.bid udp
US 104.18.25.173:443 a.tribalfusion.com tcp
DE 23.88.86.2:443 matching.truffle.bid tcp
NL 46.228.164.13:443 d.turn.com tcp
US 8.8.8.8:53 pixel-eu.onaudience.com udp
FR 141.94.171.213:443 pixel-eu.onaudience.com tcp
DE 23.88.86.2:443 matching.truffle.bid tcp
US 8.8.8.8:53 s.tribalfusion.com udp
DE 3.124.210.90:443 ps.eyeota.net tcp
US 8.8.8.8:53 173.25.18.104.in-addr.arpa udp
US 8.8.8.8:53 206.242.94.141.in-addr.arpa udp
US 8.8.8.8:53 213.171.94.141.in-addr.arpa udp
US 8.8.8.8:53 11.155.215.52.in-addr.arpa udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 172.217.16.226:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 216.239.36.117:443 beacons2.gvt2.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
US 216.239.36.117:443 beacons2.gvt2.com udp
IE 209.85.203.84:443 accounts.google.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 117.36.239.216.in-addr.arpa udp
NL 178.250.1.8:443 bidder.criteo.com tcp
FR 91.134.110.129:443 prg-apac.smartadserver.com tcp
NL 185.89.210.141:443 ib.adnxs.com tcp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 sync.teads.tv udp
IE 2.18.24.8:443 cdn.doubleverify.com tcp
GB 172.217.16.226:443 ade.googlesyndication.com udp
US 8.8.8.8:53 rtb0.doubleverify.com udp
US 8.8.8.8:53 8.24.18.2.in-addr.arpa udp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 8.8.8.8:53 www.googletagservices.com udp
GB 142.250.178.2:443 www.googletagservices.com tcp
GB 142.250.178.2:443 www.googletagservices.com udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 5.44.211.130.in-addr.arpa udp
DE 162.55.120.196:443 matching.truffle.bid tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
US 8.8.8.8:53 rtbc-ew1.doubleverify.com udp
US 130.211.44.5:443 rtbc-ew1.doubleverify.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
GB 172.217.169.3:443 beacons.gvt2.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp

Files

\??\pipe\crashpad_3164_EUSPMXEWJMSEHPYJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 96636d9a6b6823cb0ae7237a357b1fdc
SHA1 33220ef4e01cdcb6c510998f3877b16460be55af
SHA256 96c2daf4430f529c129cee57024d1cd6ca294a3b48a3b3e0a4909d53df12d9fe
SHA512 ad750e054f1325e26b8902e54426717feb8a870897f155cd78568e4eb46e512c5a158d4b50b33534a930892e0f91f58898030396c4e309ff083d588ab871daab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6caaba5eb47eac909b898e2992c07d76
SHA1 c02d6b3ce1d198882bcc00a7a9494a4434ed73fc
SHA256 43552a43e4002f7cda728e321a16c12c1cd2b56e1fdbf3917ddaf8c8cc1a98c2
SHA512 026af844553f1b96c95b6e62b13d90f74e0acd6c71abbba91a2a6685f07ee43d1165a628a12441d8db4c1387cd9fc1e8f1ba1ab03dd22beec4c17001e73da4c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1570cc6cd9fadf6f5b6dd4b9fdacd037
SHA1 904e89b6c1a39a0d21e68cd49223f7fcb9959477
SHA256 affb946470ee33051dc398c93f9f93224f275770489b7d28597d2f2f2c25153e
SHA512 bb4b8a865847d822b8fd82463b8ab070e5fdcfc4a2632e841acfd65cdea35685fa5f606c1ac74466e6cf02a30197e3c0a6fe79426c217dc1ac5c78dccfc91511

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 77c983265b0435f7fe405d024aa65c72
SHA1 6d82270f252e8c93e908cbbcfcce37653b5cb1e7
SHA256 9afd97d795ffd03f0ba34b7bf7df9a48c90e3e02c998d2157c5da13cfcb3786f
SHA512 1bd14ba7a99bb3a951c97dccb9db98e9e146f5ae8c40b0bbaf3f5a1668f8c4e53a4343c8e3c0b3b6003d09e87883e2e5364da8309bb23b602cb724f2786ee144

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dd20ea9cd70ed992c3a63184236499fc
SHA1 e295770c66e8e5c3b9789ace7d79ab8035504a5a
SHA256 398b3b0771e5e3b36d88e9241aa0bc9324639e79b4b6aee9bca6525590f231a5
SHA512 c7a66950384d221d279f5c4720004294f47bdd6dace92c897d5356cc5a8f9ea08affd8a8352572d23328778bd443af0c6ef58eb64a943de7503e05c59c976b9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6807b8fb7015e4b6e1cc66980ed5a650
SHA1 788f10bdf743a321e9e2ad62788ab8ee3405a200
SHA256 336ca9a5b056d7a34d1c60168fa5acafb84f473b3b66ac57a3f2f307473757c6
SHA512 f6fb26a791487af48ea25e2efd762c6bd580f5d61dd57b7cc5e749941890e727eba42abbbfa157b1535e14ee1fca21c70a0fa117ba5b073cee841c3acc8dc59c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 69324d513bc4999e8cfaa1b98f9461da
SHA1 c19cdaee3ab5cdfdf961417c3f4f31eae73a4325
SHA256 3b6cc2fe26f3373f1b3f9457b93ce4c7d17bd21ddb9f0fe51162dce07c5a152d
SHA512 4f7408f235a2b9aa26057cf0ecf30b49c0fa97da99b5e80551384c9710de63514b697ac9c3f3d23b3b673b864f3bcd72e92875b43c25b7011926a2fb9a6e98f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b18b78e6754ab2ad3b9efa71a514f001
SHA1 da2e7274ef45ac03bb12a8ce0a7f1eb81e403c0d
SHA256 7c3478fd34b863e07cc35ea737ce216f9ad1912db3384b0407ed6a6a48e15e64
SHA512 42fab53cf16f27eca2f958a448a6574bc6a5c7c57c3654e0d7f9c6338b6b46940f548c822468fdf07fab91acdbfbb0a42448e7887facce2c19184012876a54b5

C:\Users\Admin\Downloads\MrsMajor 2.0.rar.crdownload

MD5 a61889efca36007831250fffb358bd17
SHA1 c835f75a8de83cbff5787f8143476b424458e7c4
SHA256 50e0b0a6e806a837e3a7346ec2a7c0f4c36e7618553c799a88ae1658d97e505a
SHA512 8fe704c55094cba451cf12197557bd44c696b58eae2a0a9827a7feb96d67bda89e15bcf763212fdd072e8272ec6537efb738b3e18cb24c26ac7920f70837cb2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 546ded04185feadbd18a5fdd1b1d8afa
SHA1 d19d2e10358f14e291b67d6e9e9256f200f67512
SHA256 a9b45ad49b92850576b48abc33cfc8bb57ca21434fdd2488f5ab4ad4e8bed241
SHA512 ec3a8bd1c3b42dbaf8f86197d49860fed854fe08c34f4a89c605e048d02a0715ea2f5f6d1bd75d5b358b7e23fa0ca0f05acb1b3af598e4a51e7c9a7a9a5ce863

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b4f3.TMP

MD5 01387f250c9d34266a32536003b5bbe8
SHA1 5e17952e99070fbbdcff9ae35e21a36d3e7f6753
SHA256 9754338fb3026d4cee9dc53be9c625156be696aa2c6e3e9b36234c08dcfc9c1d
SHA512 3f6e41337908dfa0569c523c6fd2744508773e8fda4db7b02194a4f8acbad88d7d5d1eea5c3930b9021223d7cdffb8fce525170144900f6c8a4c11447a349faf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 3362d88a723085894e059ce4a6b7d48e
SHA1 472a5250337ab1026430821e54c2e289e7053a21
SHA256 f78922f7b940cc1aea3b06879e46d9917d86c1cdc1e34e3cb0a1a5608ee1bf89
SHA512 aa8f3f742056db0bfb9471e229dab70eec8db8ea48ca3ae065f913f2e04222d1eca286589c35deb0dc41a4516f8d1df7114cf0fbc7da33b35a63f5471c001fdd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 acfd9130854984cec97c6eaaccd6c5d8
SHA1 ab925f2abaa0f3b6bd24ca4b9e232aa6c2bd6338
SHA256 e4afa6e536647027e8288f05ba25bdbea83ec250abb41aa2ed59fff4cc66f184
SHA512 7b5295ce16147034a4760a543ddc43844854e3e54ad172db00fb655f193dc97b024a7fc6feff9ff7461080e2a8405e31b52d19174a05da421183ec90453923fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 568ea189529949296721bed2a27f6105
SHA1 4a438825a65f97bf78b0bd2c130578a474030aa1
SHA256 7cf14884b58bb9cedb05bad4589800558b876d590c44d7efda0139897a0d9777
SHA512 1291aef16153f8aba43caf2c20f5d2de8db471bc03a3351bed9a1152ee84e3215291f23f28d014e2505e9963d648a6eeac61dee28edd7d6bd5d76671ea91066b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7da531db6c2a42d9b1f3fbe1873ddeac
SHA1 141a7b9f240f809b80821ff3adeb3eb04aaf1221
SHA256 32a5aaf587773f99e25283c3c7417049594e298205e43a94585e2ff5d6380f72
SHA512 205fa1dd8e3b5097f783f25d8c5ece89da0e93558eec7ab685963a6d9d731e39e8247e1b591e2e4754c5cd5e0c60f3615d4512ca2d5464cd4efd6a25607dcf7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 7f5a5d45ee4ea0bd1ccf5178c63f43c0
SHA1 71cafbec33de805f8c65c04ab40a7fc072420df1
SHA256 e47f30921e1d3fda22de0ed56c9847b80e379396ea95d3fe60e04cf9e4c9773a
SHA512 11dcabf8a16fd008783be04cf72e9ebcdc3b37a9a92c0769daa32fcec0a7ac5f1380d5e7636dca14eee05e5787419d2f5782726c94846c39085b325099c123d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 227c516f6da2feda873bc8377cbe6b90
SHA1 664f2dcdffbdfed040371a457b658c62eacf5cee
SHA256 a51ca896ee5db0cef1e2e1a28f04bdfe5014d9e13c6bd43cdbbd1c6301232f3f
SHA512 fbd58c7a66feb7d47c56a42046acdf0e10544adeb8ba0d0036adad5931a85ca576850da5b5ada02400505a1ed8260c2e367097b21098242aadf79d398efe9164

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d73a553de84ee3b36fd58cbeedde41f7
SHA1 59dcf89103d8251003c2ba11073b404996f569ef
SHA256 75da475918d39f2b13477a412cd1fad6a2e6519afa148761d417cb1b69018cdd
SHA512 2d3a67ed7ea882b609cb3e29af789239547259ca0c21af74a253b726c92340f87ac6487e0895d8df62891dc4bfc21161d3de62ce78301ee6cff3ef5bb5c95583

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 34cc90990bdf8360585b14ec475acb67
SHA1 4906a12f772d2be6634eb92ef9725da0880da92d
SHA256 77f9095003401fec6887899c25dace92ea19d858e004f25ad26fa03a8bbbd771
SHA512 386f1da8586b43236932cf8b4659d4f2ecc72a06f5a94e084412867bc41ba83aede1a15626158f9cb948178b9e6c62defba1e9d739ef60a230600dca9b8c8857

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dac78c6b1ff57ae36ba0b5244363f5a3
SHA1 4402c97c558b8d788dc1666d4928855e86b1a0cc
SHA256 52cf5ce979b0c3d0802c1972c81b29bf5eb236a32edc93d9739a2c647c08fa03
SHA512 7b5659a29d42e51ecfcf7a105c113d98683f91b5a195562cd5fb8b413240b04e8570fb9e1cbac5011a002f3756cc69d5edac137ae679dccd5212301f92999e42

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1ad1860b5eeade4964436c52c3f5d2df
SHA1 326eca6d52712f6ee8411c0d86e56fac6297b7d4
SHA256 43ba4e7a8d1cb3a4745215d9eb4aa5c56d9096847b5658ff477150fe9b4ad142
SHA512 b504b7821615a90f5685642596940b137c5ce602b5b01efe397e5a4b57dd44c4e4d0cdea729ff1450c5aa017f6af0a90d367385549ea6bab20af7b570c771a61

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 e287229fdbd6f149e2143b904d1c3f7f
SHA1 898b608f59173d46454b3c20829865a9a4ab8aa1
SHA256 a246b5c89b84324f126e5cc3c289511b7b4d707931721db1994897d8824a3f74
SHA512 b3a07c3e0a27652d540cad71161e7e69ddb6f8547a9868c546d59282cf4a372c405289b16dbc9bd249986a451ebe8804d0b15ea60c87cef0d908d88034d734e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 1fa75147a385ba85892c46f2db2c9391
SHA1 6ae6e2b2b301667be8f2777b8b9c32132d3e4649
SHA256 f71b3b63b9d4a30e06ef4e69219cbf06757c62e6aab5b3029d3c5e56677c60c8
SHA512 c417c87e42be5ad0f88d948f327befee9734084b78ff7e1c6b48cb033a2dce74e5a8511b340353d3c521ba6e206e00a5de402547bb7770e6d78f49645b8d95b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 cc6ddcf36d72c826b6e2211893b3600b
SHA1 c54eae3b7b5389f8f15f9de5db65ab4acdac6d21
SHA256 244c2186fe807432bd532a85b5d4be2670ce3c8194690d750db62cedbd5fc3ce
SHA512 6a1bfcf96b9f88ba2d7a75e14beae8952c278f72194d492e8b5d5baea0bb1da7e3e30ed638f29633e0e360b7ce69482b019949eaa72f73578c33fb7488612507

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 66cc0014e6660e1d5d46a92c3ae19287
SHA1 e258ca8dad24768982f8142b9b4592a3922a4e72
SHA256 133a5fd6e2275858f3cbe0bfd40623c0668c39d582afbb32daf2e5aa5eab4f15
SHA512 580f13c2b86fd72f97b5a2528c1027c3031ff55b75a1272f0ad5b7794e0a28e538cb01fe41a63e56e49b51c6586468a9c9ac06f1f3c87352f95f03e9f1569cfd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 6d594c99f5c13af6ed09d47a64c394c6
SHA1 32c8c59b57973bd01d386d42135be0ebd4caa0e6
SHA256 65e7588843fe23cea6732e9d12f8b284973d2028cd52d5d402952f6e398892b1
SHA512 b104812fa3e989c619ecd3609a7fabdc3e17e35d0dda2d9c216244e44ef032243ccd902186d1d1c3072003567afda1274e3bd6e6d8b55e0ca8781c068f6d8c6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 a30e86929e04bb7b72d43be4442b4362
SHA1 75f53680d7f18d0d0623f2a3341517faba045440
SHA256 40fb56acf471d692b299048a77c0b7673597bfe42ba3acfb1088d05565c867a9
SHA512 518f84270c5684493166c777efb9e9a7d98f367dd81a6b55ca7b80b9bd4a5cd93a29faab4d22102335b5d7d565e88530a3afe79cc70298a186890ffb6a2c7f92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 caaa5222d179a24ca5540080c7018b99
SHA1 1f415a7a73a12a4c16f25709504f4e4e4beae9dd
SHA256 b729255f2e984a20fa0f0eb07e08368cf468fd17ff27a7d1dbb4042ec261d8cf
SHA512 71b4f878aa154ba4a8523c2e36faa8dbe3cfafa082b18796d8b69539dee9506253b9e55fc9b71cc2c9027d22ae08587b0e2ddadbc8d3395dbb73584d1ca1ebcc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cef9f66628bc9ebed1b0759edecc6796
SHA1 aeb8dd61f3a11cfde2a06b2485f2e6d00cc2fadf
SHA256 c0cfe2c40a943d049d5358c613f59426529303d6c9c8afd574542afb722ce150
SHA512 6833a2ff9ff1f7be912b5da5d29107f80f7c3d9a0d82c796f21aad2fa799faa25251a12cf05675f07a940df524ad5d7a5a4c57d9cef9e03739e8a45004e14eec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d32654d7bff28f22ca32aa4fef96cc71
SHA1 1a767d32e0b8f9079b7b362bcc5e8fc6892b6bed
SHA256 0a57cdf5dff7e4af6d40de6a0d3f5154488d303045111a23c07836d35006ffce
SHA512 8085be9f1984ac468632416c7bb74f74888af7145b29266b1d4c8696b5d24c410d2f8552cf945401c0f497fd00445aa315ba9d108c7aa1279a90273e86e446f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 328bcab1b98378b1ed230f5dc4cc229b
SHA1 61360f50362c012e912d94d6fa6ea15bee01e1ca
SHA256 c3509143a4b6eb28aa786312d2e4f13b3b9651726444e753c70bea8280b11fa6
SHA512 37593829f7e0cf434109dfe87e5beb486e77f59baf8ff9f7640967f40fcacd743d975fde59d65a452e573d92aa91de5d91f14414b84573a22c5e20742e4a0bd9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 94275bde03760c160b707ba8806ef545
SHA1 aad8d87b0796de7baca00ab000b2b12a26427859
SHA256 c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968
SHA512 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59b731.TMP

MD5 c739a166cc8e3d8dd551588d499a56a0
SHA1 79a991726657e01168fd977fce9c3cdf914ac921
SHA256 55023cf93f8121a67c11b5159ec3886a366be732464c38800d8223d4b62b6a14
SHA512 3d838263212e8e55148c786f4e9eddfe5825fa6276c914d1d58b3d238b885eceaea4ba22054d55f84f71eb11854c1500d8c2e80b8209acd890b2fa5fe9f00f68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 314b8de4575f83406020a8db99de40c3
SHA1 06641196e672afc98f5f6e64515d3d0485a374a7
SHA256 af490bed15881e8a0cc8706e8fdc88c8de9a50c4d5f0b7c685122d3efde36658
SHA512 8b45e81068d9de8df9ca8da8594c80c712365e2144f3456e359b530b74aa3224064301e212e636d6c1047480cdba99338920c74b92565da36285f2d520474d6f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a55eb23246b6b966797b173b65abdf2f
SHA1 5e9acb051e6e4453f008cb164a546008ad4577c8
SHA256 c1401705a59f2a1a37a2bf0e958833911d532d59d8e4a06587b96b957220b15f
SHA512 2fa6cf20ee24ed49676aa3537ec5376f2a257790af73ecb5971a8ade2c1f0b4ced743f0f7ffb6a5c4b188c45ce66f9f6801df4f6d85c8f5c31adf85b9d9282e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1aed74e2e7eb76c39a5bf898ecf56092
SHA1 2f2c339028af1a190ef541a4db11d4e302776af2
SHA256 f5c3f4d8956b122548adb59930d1477dc94769bf9eca846e327a2e85fc03919b
SHA512 ba45f4e2e63a1bfd687f8eff29bb8e2a6e5b98d1e1e2e390baa38a9a82fe9cae34c68d25cc14858ee2ffb8f37773ff505395d33badad2e47809b7b68305bf2c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 781aed5855193c48aadc9573a4c1cedc
SHA1 8b7091a680697b1eab6522d5ea5901b4e85643f7
SHA256 8ca95e52ff0bf8cb866b8f0a09d63c2a5c4a22eede32468522ed42f7e60a5ffc
SHA512 a9f877b2badd5bd4cb420f199ff15c82c864ec7733dd2fead37a1a09b87fd9331197ce730ca4b830ee09c101e6ea172edb3870740a77fa7d1224c0e1a9238aef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 99621f7d5d9b1c4007f06c9f6a3490a8
SHA1 b5daf56db8e378ec529cd89d73793bb549cf460f
SHA256 1ef88ca69e8351dc73c5835e0bfc2a073b5b3248e4ec12432abdc8a7a49b0fc2
SHA512 5f741207cc36bbbe58f56a85a2990df8ef683724f27bf8ce50441f005271bba9eaac66520dc7499e6c79892a29216d40cbd570b5285a37e1ad09fda906ce923a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 87c2b09a983584b04a63f3ff44064d64
SHA1 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256 d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512 df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 921df38cecd4019512bbc90523bd5df5
SHA1 5bf380ffb3a385b734b70486afcfc493462eceec
SHA256 83289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f
SHA512 35fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 40e01c775b4f150dec2ff43bdf0f1816
SHA1 29cc0f7eb904aced209cec12ebbf8e6ab192da53
SHA256 4d21e64e043f3f03c39754589e8131f993de6565a9da3bf86a21c205e37b3ca0
SHA512 c868ed04136d1c38c2d4f22f7c16337532fa1b62a3da413df9815ddeb2fbd5a5175d7987beb796193a4e812a679c117928c97a4e87042ce4383433ba479b923f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 c9c5c1f1ab9a50624a65b61336b2f8ef
SHA1 600ef0fa0cd426f7ec2426f4fb13779579642103
SHA256 b29b94cfa8c0984b3e4e9cacae2db48bcee27038f1748d4a1fd29d35cdcfc1b8
SHA512 bd914a5c76990a062eda5fa8c2bc584d2ae73c2cd1cabc449492fe9f088d3ec12951a75b1762bfa0396481709b185f13d9e04da3263fa3c3ee58d98663ee08ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 41608a66cb1aeefffec5d037a7c575a7
SHA1 90f5eac92d907158f1e0d5bd95ec6e75d391d43a
SHA256 eaee84c557249dc05983fe4424c148efca28278274453b552956ed8c7de12568
SHA512 a6ffa39413713c844fba27afd7002fa36e6e37c7172e374619118a174b29eb31460c55bcd314047fae0df88fd490ce853be9eef203a410acbd23e18ae4db9dcf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 55b36e7064a9dbd09de2420b4c35ef4a
SHA1 c63ab8e03dbb7e6189983d84ea44287317b1ec23
SHA256 40935886aa51c82fbf61e0a811bf86fe4157707bf5e9b84518a725a7bfe29481
SHA512 35c2d78a94180fbe0f60dae01165c966b1fa1a345fcb2d1d590d73687aa4e9c0a00a23a6b0919d0b2d902cf7dbac16052666085577e7c274ee346f1b3e38b706

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

MD5 443826e43ae39d6b6d996ec061398f84
SHA1 a996ce34b3bac4eb02a8c113b1105de8f17f0868
SHA256 87fb32803b0681980e6fcf71b9d20c00239b622beffa02de6184e8b15d7b9b51
SHA512 6875d9dfaa2d4b0fcced2350ac95aac477e9289ffc4e192f8a3d20eda57020d31d6feff74b5f4978f1e5f6373b13d81fd041ad95978c1a20c867710bb1acd477

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b

MD5 654b495cf8877c0a6c9423793216dd88
SHA1 17526245d961301ad40c738f6b6d16a2afe6ac8a
SHA256 e6e0c443422b16eb462ce281ca745a2e8cd58d266c10bec39a12dbd45b92af69
SHA512 0c319332fa505d54972ec8046e209f109c52dde42ae303d862856e2107e7f16ed5332375acc5a9c1272d940dc7be3576e57b833e3746ffbbbf9b8c71ec3482f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

MD5 3dda883b89b1f31dd1e8e0be2d4250e9
SHA1 ff69000e8307afcb2b4db7d6117b47975f9de06a
SHA256 e60268695e6c66a62ad318850e45954bb22d21f2ae62fe9f0c5490dcb1e69f9b
SHA512 25176c5acc9cf658129508ccc1b7fc8e93777cc59a404caf06a0e0eeb7c10b5276923aa51d56a99ebfd45d9f05b16f598794fb31ea0aa39565770b3c3b8c8c43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

MD5 296107fd9e4b08da2a5eb5381e62e59c
SHA1 0fab647f77db64c6284dd6335f6f01696217fb88
SHA256 9a75f06abaf3c4db9cb4110d32c18ba80356efafd79e6f6255aefc31054ff133
SHA512 519f5c12f414e6321e63c5c2992b4eb89131334543310513ffefcb9b4cfdc9cbf9adc48854dd40daa8475b238ec4a1b1d6f31d666e5edb773f433582777bea43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

MD5 20adea22eec53811cc6bb3e6fb9648a1
SHA1 89ccfb989609bb343bff0f260fbc28e78b0ae16a
SHA256 d1b7f4208210049da4739648765e40bb8d8f0a7fd4e942df1d736e803739f5ea
SHA512 24342b4e909b88faa4b028aba8428bf4b3fac6203a61e74890a4c3439817444826c6d4785f0cef484b73c6116a9913c2980be3c59abaf2b3711942e1e53e6b55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e51ddbe9f981a43cadc977f793d221d7
SHA1 7faf2a9921318585662f2feeb034ddca589c0eef
SHA256 1610be17e0aa2cea01eebf46d473a453f34d795bd24f552747cd5ffef8f5673c
SHA512 17b6ce08acbfdeb27322d4755f6b8556b9aa07ea01526f389ebfe15ad8f756da502e695f3528df33f9841a3c727802d3abdceda1c8b4f19ee2fe196e8d9e4bf0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8ea52a9e42b1bb2b09a022e7a7ea0a1e
SHA1 eb0ba2a0e57755b3e8c2e2ef7d9590c7c8a7bf00
SHA256 1d879d347d3ac339eaffcbb648025f5d2f80105c2a218edff962340aa05c10af
SHA512 9d2a7519ef740e3cf6622fccb89ca02b0e3324117892771fec39fa7db89bbe78034b82156c090fa9001add73e2ff7e88741f281505421edac77f646693f91aad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

MD5 ce1093c800c0933d7c9674eda75790d8
SHA1 371c2dcde092f51b18852e2617bc6c0c176f5873
SHA256 57781a723db9a2483067bcbc89d1f30f7e2f22ae2d18aab1e45ad894d8cdab89
SHA512 fdbb31c607cc9a4bd75c42cbc552fb40d82e53804d156244ed2daa124c75e1680b908589f7a3ad8888b9b03ebfd1f4b3e83e19f84e3a746cf210d0b8a1678533

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9f2dbdeeac3570d9dfcb9811093a72bf
SHA1 4c3211d20427d2a94283b4c88ae5b9ca136fd9b1
SHA256 d3a89d2635772d5a1bd141f01813916b3d31bb502c120746715c5d54e514d14a
SHA512 ed0c41943400c151d2e7a13ebe4f91daa1707407b8287bbce0a6842f683c954847b422414000c331e8dd12a898f0f57d2f62bfb6bde0f100f7f064c420cfb501

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 01a227d7902d99e8ac04be7f7285df74
SHA1 687534ad484d5499bedd16f55bb7b294de2efaee
SHA256 af23f8b2fc8f04df2ddd4fad9fd2ba461faab11d9897b9d24dcbbc5d81031b70
SHA512 d721a3c4e0fb8b709cf0f28df7824eecd8358f9f807a5406b2ae6bf3faeb3708059fe8678562de1096cb5de0ba9a29815d945e336eddde328d1ac449e16f2917

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b19de159cec49e0ed0c3f00328b2eb0d
SHA1 5b96344289fefde3807d0fd61ebf13937073cd06
SHA256 59aab588d743c8256b6ae64dd26c85b2c3835ce778cb4e20aa572913131a1d5f
SHA512 0b895e81046397140ee1c48b80393986f0d4cbbd1d74d2365f099126b40b0c2f74479a422b2d866be318ecdd04e960548f9528194e7ad9d70fd9c673c08c897b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ae96d6ce4b391c7b949c58f735d1fc28
SHA1 1d76cf2b7d72d0814810fe9253bbad6e47abe6b6
SHA256 ef64d344431db0a22903b9e91152ed6868c8975264a140ac34a19e8491ef6c1b
SHA512 77e6a6e577742ea0426ac786c21c5fafabbb3165f5fbd84baa2c7e200493887940112202c6ca3b953f9af1ab8e86524a79b3b796b04e77b200847b26cfb13a83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 179e175ac52913a5ba2fc23795a8d389
SHA1 a376a8df228b2042aba0e85911416e570e1d5026
SHA256 950960db94a8ea4262429cf85a31abdc3e5aed9991d29ac887543689e87f941e
SHA512 4086d8312603abd90dc99ca2ff27f9981e9ba6d73a3b1cb539dd76eee797860f9cb020d123ff708ba783ea079ec78e851351b8c5c6d096106901a5b37efb8bb6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3d3825f6-397a-47f0-bdb5-9c48a5fde3e3.tmp

MD5 7ec60a9aae44ea87f6a18fd1bcffac0c
SHA1 4b34d39b77fafa8cf744827659d6aaddb3faa2de
SHA256 0d33521bcc43f24c2334026159d42d076852e5c8276445b9e17a81420269584b
SHA512 111400a84d657e8e506213528b8e77904993310504109541e9226c340be384d1ad813ff27934c78d656bc90440477bc6034186b99c3d8a0b623674e9f9bff799

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3963d7725983222d393db24c2bff6588
SHA1 e6bcb90babb9cb319a94fb824cd841d3883d8cd8
SHA256 44c368174f220d090476cf6d7a48be69d0353e288e8ad0b789a7d1a0f552abd5
SHA512 c56498c7c82ebf2f9c85ddba73bccabdeafa71af34c9c601de85ba7851e3ccc04b63a4b1e880127aa07a005cfcec2d221ccad9772ea77ad435087afe8cdf651b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fb4d02e31dd7627a5c16d83fdd7c60b4
SHA1 d4dad52a5de3545e43b97a86dd884d7d789286ff
SHA256 16c35451cf55fcc11d339a4cfbe6667f547366bb11bab84f909bb1886312eb44
SHA512 12e9960a6ee40136fe017f05e8e73fafd22f3212f02f8e63508c54911f2c06631f9ff69f8bef60d2b32c050da38029eed02c2107fa7a7d122a6ef9bca471a59a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7823536e20c9a32b50955beed535f5b4
SHA1 99b4a15a2bb0be8dc15b5ad9a6f32cf8e797cf35
SHA256 1fb1ea325fa98281ced1e7b9b3539808f0c1a28567ca60787e29415e89b54fae
SHA512 bd6d218f87a2b394978b88a2a450bdcd815ae574e2f4d1dd8e099f68470e29c0b96ca1a56a78b64837e7628e8a800fd2fdbd21f84c4f51da687195997ebe9831

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7e6271acdc66d76aca743a1431d60043
SHA1 7d825b09f2d555c18e6cfbebd273f68a177df508
SHA256 9b267e9c8dd53eaa790e69ee950afa4611763739ff7487a5fdc3bff4f75ca63f
SHA512 05bab40e3f25b0ebe3337b37cd77bb8bdc8fe4ce661087427e23f6b26d4f426b42191829f947ca1e63a9fff982fa3e7a8497345906f8047d1cf66760173057e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 26dcc16c5e438c9970eac3b23f5afbaf
SHA1 c5733bffda45bc4343bb9e622c4cdfa498328e71
SHA256 c303b6f441af8ca26bb9847754d347938f8565562a6b3b7e2b23a43bd9cacf2a
SHA512 9132f661e0c3f65964c75b83dcaebf7db9be847e33d8bfa4cb408e3dc2c30dbcfec93246011e22c1c76b3611aa6879151839f279d7a4e370f6c4ad299e8ea2cd

C:\Program Files\MicrosoftWindowsServicesEtc\example.txt

MD5 8837818893ce61b6730dd8a83d625890
SHA1 a9d71d6d6d0c262d41a60b6733fb23cd7b8c7614
SHA256 cc6d0f847fde710096b01abf905c037594ff4afae6e68a8b6af0cc59543e29bb
SHA512 6f17d46098e3c56070ced4171d4c3a0785463d92db5f703b56b250ab8615bcb6e504d4c5a74d05308a62ea36ae31bc29850187943b54add2b50422fb03125516

C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe

MD5 57f3795953dafa8b5e2b24ba5bfad87f
SHA1 47719bd600e7527c355dbdb053e3936379d1b405
SHA256 5319958efc38ea81f61854eb9f6c8aee32394d4389e52fe5c1f7f7ef6b261725
SHA512 172006e8deed2766e7fa71e34182b5539309ec8c2ac5f63285724ef8f59864e1159c618c0914eb05692df721794eb4726757b2ccf576f0c78a6567d807cbfb98

C:\Users\Admin\AppData\Local\Temp\runner32s.exe

MD5 87815289b110cf33af8af1decf9ff2e9
SHA1 09024f9ec9464f56b7e6c61bdd31d7044bdf4795
SHA256 a97ea879e2b51972aa0ba46a19ad4363d876ac035502a2ed2df27db522bc6ac4
SHA512 8d9024507fa83f578b375c86f38970177313ec3dd9fae794b6e7f739e84fa047a9ef56bf190f6f131d0c7c5e280e729208848b152b3ca492a54af2b18e70f5dc

C:\Users\Admin\AppData\Local\Temp\xRun.vbs

MD5 26ec8d73e3f6c1e196cc6e3713b9a89f
SHA1 cb2266f3ecfef4d59bd12d7f117c2327eb9c55fa
SHA256 ed588fa361979f7f9c6dbb4e6a1ae6e075f2db8d79ea6ca2007ba8e3423671b0
SHA512 2b3ad279f1cdc2a5b05073116c71d79e190bfa407da09d8268d56ac2a0c4cc0c31161a251686ac67468d0ba329c302a301c542c22744d9e3a3f5e7ffd2b51195

C:\Users\Admin\AppData\Local\Temp\thetruth.jpg

MD5 7907845316bdbd32200b82944d752d9c
SHA1 1e5c37db25964c5dd05f4dce392533a838a722a9
SHA256 4e3baea3d98c479951f9ea02e588a3b98b1975055c1dfdf67af4de6e7b41e476
SHA512 72a64fab025928d60174d067990c35caa3bb6dadacf9c66e5629ee466016bc8495e71bed218e502f6bde61623e0819485459f25f3f82836e632a52727335c0a0

C:\Users\Admin\AppData\Local\Temp\eula32.exe

MD5 cbc127fb8db087485068044b966c76e8
SHA1 d02451bd20b77664ce27d39313e218ab9a9fdbf9
SHA256 c5704419b3eec34fb133cf2509d12492febdcb8831efa1ab014edeac83f538d9
SHA512 200ee39287f056b504cc23beb1b301a88b183a3806b023d936a2d44a31bbfd08854f6776082d4f7e2232c3d2f606cd5d8229591ecdc86a2bbcfd970a1ee33d41

C:\Users\Admin\AppData\Local\Temp\7135.tmp\7136.vbs

MD5 fd76266c8088a4dca45414c36c7e9523
SHA1 6b19bf2904a0e3b479032e101476b49ed3ae144a
SHA256 f853dddb0f9f1b74b72bccdb5191c28e18d466b5dbc205f7741a24391375cd6f
SHA512 3cd49395368e279ac9a63315583d3804aa89ec8bb6112754973451a7ea7b68140598699b30eef1b0e94c3286d1e6254e2063188282f7e6a18f1349877adeb072

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\AppKill.bat

MD5 d4e987817d2e5d6ed2c12633d6f11101
SHA1 3f38430a028f9e3cb66c152e302b3586512dd9c4
SHA256 5549670ef8837c6e3c4e496c1ea2063670618249d4151dea4d07d48ab456690c
SHA512 b84fef88f0128b46f1e2f9c5dff2cb620ee885bed6c90dcf4a5dc51c77bea492c92b8084d8dc8b4277b47b2493a2d9d3f348c6e229bf3da9041ef90e0fd8b6c4

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\breakrule.exe

MD5 bcb0ac4822de8aeb86ea8a83cd74d7ca
SHA1 8e2b702450f91dde3c085d902c09dd265368112e
SHA256 5eafebd52fbf6d0e8abd0cc9bf42d36e5b6e4d85b8ebe59f61c9f2d6dccc65e4
SHA512 b73647a59eeb92f95c4d7519432ce40ce9014b292b9eb1ed6a809cca30864527c2c827fe49c285bb69984f33469704424edca526f9dff05a6244b33424df01d1

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\bsod.exe

MD5 8f6a3b2b1af3a4aacd8df1734d250cfe
SHA1 505b3bd8e936cb5d8999c1b319951ffebab335c9
SHA256 6581eeab9fd116662b4ca73f6ef00fb96e0505d01cfb446ee4b32bbdeefe1361
SHA512 c1b5f845c005a1a586080e9da9744e30c7f3eda1e3aaba9c351768f7dea802e9f39d0227772413756ab63914ae4a2514e6ce52c494a91e92c3a1f08badb40264

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\CallFunc.vbs

MD5 5f9737f03289963a6d7a71efab0813c4
SHA1 ba22dfae8d365cbf8014a630f23f1d8574b5cf85
SHA256 a767894a68ebc490cb5ab2b7b04dd12b7465553ce7ba7e41e1ea45f1eaef5275
SHA512 5f4fb691e6da90e8e0872378a7b78cbd1acbf2bd75d19d65f17bf5b1cea95047d66b79fd1173703fcfef42cfc116ca629b9b37e355e44155e8f3b98f2d916a2a

memory/6636-1647-0x0000000000410000-0x000000000054C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\checker.bat

MD5 f59801d5c49713770bdb2f14eff34e2f
SHA1 91090652460c3a197cfad74d2d3c16947d023d63
SHA256 3382484b5a6a04d05500e7622da37c1ffaef3a1343395942bc7802bf2a19b53f
SHA512 c1c3a78f86e7938afbe391f0e03065b04375207704e419fe77bf0810d1e740c3ef8926c878884ad81b429ec41e126813a68844f600e124f5fa8d28ef17b4b7bc

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\data\excursor.ani

MD5 289624a46bb7ec6d91d5b099343b7f24
SHA1 2b0aab828ddb252baf4ed99994f716d136cd7948
SHA256 b93b0cb2bb965f5758cb0c699fbc827a64712d6f248aaf810cde5fa5ef3227eb
SHA512 8c77696fe1c897f56ea3afdecf67ad1128274815942cd4c73d30bf0a44dd1a690d8c2f4b0be08e604853084e5515020c2e913d6e044f9801b6223c1912eec8f8

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\data\fileico.ico

MD5 a62eeca905717738a4355dc5009d0fc6
SHA1 dd4cc0d3f203d395dfdc26834fc890e181d33382
SHA256 d13f7fd44f38136dae1cdf147ba9b673e698f77c0a644ccd3c12e3a71818a0cd
SHA512 47ffac6dc37dac4276579cd668fd2524ab1591b594032adbeb609d442f3a28235a2d185c66d8b78b6827ac51d62d97bdc3dffc3ffbaa70cf13d4d5f1dc5f16c2

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\clingclang.wav

MD5 1c723b3b9420e04cb8845af8b62a37fa
SHA1 3331a0f04c851194405eb9a9ff49c76bfa3d4db0
SHA256 6831f471ee3363e981e6a1eb0d722f092b33c9b73c91f9f2a9aafa5cb4c56b29
SHA512 41f4005ec2a7e0ee8e0e5f52b9d97f25a64a25bb0f00c85c07c643e4e63ea361b4d86733a0cf719b30ea6af225c4fcaca494f22e8e2f73cda9db906c5a0f12ae

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\Major.exe

MD5 d604c29940864c64b4752d31e2deb465
SHA1 c1698ea4e5d1ba1c9b78973556f97e8f6dbbdef3
SHA256 da0233f5e5e9a34e8dd4f6911444ca1f3e29bb9cbd958a9f4508ac7d72ccd55d
SHA512 89a4a14574ba19fe319c766add0111feeb4320c08bf75f55a898d9acc783d5a862a6433758a413cc719b9179dcf873f1c850d1084851b8fc37aa1e3deabfcf54

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\DgzRun.vbs

MD5 a91417f7c55510155771f1f644dd6c7e
SHA1 41bdb69c5baca73f49231d5b5f77975b79e55bdf
SHA256 729f7540887cf32a5d4e1968a284c46cf904752821c734bd970ecd30a848477a
SHA512 f786699c1ab9d7c74dd9eb9d76a76728980b29e84999a166a47b7ee102d8e545901ed0fcb30331712490a36de2d726115b661ad3900cdc2bfcfc601d00b76b07

memory/6636-1672-0x00000000054E0000-0x0000000005A84000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\NotMuch.exe

MD5 87a43b15969dc083a0d7e2ef73ee4dd1
SHA1 657c7ff7e3f325bcbc88db9499b12c636d564a5f
SHA256 cf830a2d66d3ffe51341de9e62c939b2bb68583afbc926ddc7818c3a71e80ebb
SHA512 8a02d24f5dab33cdaf768bca0d7a1e3ea75ad515747ccca8ee9f7ffc6f93e8f392ab377f7c2efa5d79cc0b599750fd591358a557f074f3ce9170283ab5b786a1

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\majorsod.exe

MD5 b561c360c46744f55be79a25e1844e3c
SHA1 ed0f7eb00b4f1ae6cf92ad75e5701014f3d03d56
SHA256 d1094e91960ded15444c6f50756adc451a7c0b495b2ea28319b7184ba96236f7
SHA512 0a3a75d08f1d7afcd7a476fc71157983e04b0c26b00ace4d505aa644e5da3e242dd0f6afdb3c93f29ba0b08d2702d0e96b49acba4ed260330068b13f93973e9f

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\weird\bsod.bat

MD5 c94bb8d71863b05b95891389bed6365e
SHA1 07bb402d67f8b1fc601687f1df2622369413db3b
SHA256 3900e3b60b4691311e050c4cf8fac82ff178a06e3d04d5d6b2d7ea12cf5d53d1
SHA512 00e7ab3a91862faaf5ac5ca3de6dbf2cbb8aac4aba277e1e14b2ecf4650eea2e68134e0df549dca35ab715ed46e36fa9cfee1ba7bb3520511723bf567566682d

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\weird\GetReady.bat

MD5 3dbccaadafb7f0227c1839be5ca07015
SHA1 bd636f73235d52d172ad8932a8e4a6a8b17389a0
SHA256 33a0c62f3f66bce3fc1beb37aca8ad731bfa5590177d933d9d4eae016019242a
SHA512 d981670f9d492d97931ab260a7d7d27d4f97621a1ef3e20246d4be2a9b4cfc01e01174a1d46432b4a3d937ad135c97eec9ef7bbc7da46034388843887df4637e

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\xRunReg.vbs

MD5 8267192f547f8914ff36eff80ca3f402
SHA1 23bdeb19fb37059e1293dd80d8be69480c957c73
SHA256 cdd4f356ca256c707960bc42b97649111a830e6f951ca6a3cf80853e3c342947
SHA512 cd684cb73496ca925fd8604fbbf286b842e2b02ce18b19d63618e8355dcec02bce700fb09b25da932545845b01a7f8d9986fa486db504b92a42d7c0ace21e9e2

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\weird\WinScrew.bat

MD5 04067ca733ee8b2ab2f068edc8b75a0f
SHA1 973cb577f6ab2463040918c3661333553a3132c8
SHA256 3aef33c03777abe62feef0a840ac6a087caafc05adfe801464fd1c52eac656a0
SHA512 5423a1e668211f269a3d787548e11d18de7365d6c2525c2de61014854f1ab5a51b5de9eda70fb21d6ebe356cb52e93b3f406c71ed7fbcaedd2b023b6fa9c13f8

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\weird\RuntimeChecker.vbs

MD5 fe44b78a465853c0ac0744c6ab05ea40
SHA1 f32dacd91b9547fce9a8a2846a4e17c33295aab3
SHA256 989d947c51c878bcefecb53d867a3c182c2d67129a87a5f6773eb6ef2bbf9b2e
SHA512 6b945e16786833c2e2e9867315b8859c413687fc72d4c8576b9c0a1aed2dc65249468317dd49f2ecf777e27c9969b7a7abc72b4d9b7c182dc7999051377515db

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\weird\runner32s.vbs

MD5 5f427dc44f33906509423d24fa0590c0
SHA1 b896f7667381a594d3751e05f258925b81c231c0
SHA256 9aae0707b1d5d3b7ed3bf5cc8fbb530aebd195e3e2f18312f3f7f1aa43e031b4
SHA512 bd28c386772062ef945f24c8ad7a25f158856af36e31d2c9b14674cedfd34b4f48ed531cd40a7eb291384d83665ffe154f0786c1a7ee1616256cf30125120961

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\weird\majorsod.vbs

MD5 fecb9e50c1f01d9d6101f273cb860260
SHA1 18c413f577c289004db6156bd133e5db70258044
SHA256 8863b595563e92d73b29090ff83191b2fa1297507be588aa7e1cf910e77c7feb
SHA512 2c30641b099d5b6c3af40cb41e70160c1f4294bb30dc3162b018e9552b48fc899d1a63d3e366bfb71fcf6803bcc518cf8d504ce60684ce221028a9bf2bc07f9d

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\weird\majorlist.bat

MD5 4cc606c63f423fda5324c962db709562
SHA1 091250ffc64db9bea451885350abed2b7748014c
SHA256 839301ef07178c100e7f4d47874faf995ae5d11dfd527dda096a284c8114671b
SHA512 f29ef2bc694f497499545d1fa4e14ca93c06049fff582af3a6caf3885153491a1cd9e96ab5a6746051aa972421f876c008e5d5b671bd34c3922b61c84151097f

memory/6636-1710-0x0000000004FD0000-0x0000000005062000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\weird\Major.vbs

MD5 9192fd494155eab424110765c751559e
SHA1 b54fcc1e29617b3eee1c7bb215c048498881b641
SHA256 cbd3b0f294e8f11592a3ad80d1070d81746f806a48183b93c345251422ccbf0d
SHA512 b8c48916535f3721e7f47be6af671765c3befefcd407c6ea5fabcf9ada119747408d662f61fb436f98a7c33050b6674da54dddf25e683429204a96555ec6e801

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\weird\cmd.vbs

MD5 b181d5a4055b4a620dd7c44c5065bbe7
SHA1 36320f257026b923b923ad2c0e7fa93a257806e0
SHA256 4d2639e890d6d5988eb9cb6f8cb50647048bbfeeb83fc604c52567e7381c876c
SHA512 0bec0cf2e5b93065701c5458c1d7e047312971d7bbed3ce5444db710654fa0d84eabb7d7c243130e3cb2dae38eb05874929b5b08547174a6065f8accd4e0433d

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\weird\breakrule.vbs

MD5 2609fde7a9604c73be5083e4bcfa0e20
SHA1 068c89f703fb11663143b9927f2a0c9f9f59c0e3
SHA256 17d014cb4abbaced3acce9b6d7a1b595cd6e2dd814e41f06ceddcdc08e93eebe
SHA512 439fee7cc198cb3fef4ef14693141e52c305579a4ff2da0842323f57dcffade03f3b01ac288080fed423511937a4c1e2080f5a79f967a963fe34253f541824cb

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\RuntimeChecker.exe

MD5 cd58990b1b7f6c68f56244c41ab91665
SHA1 7ccca9958d6aebbe3883b55f115b041b827bd2e7
SHA256 51f59e877a1c2a1c2760c677def7395ef2868c2ee3e56ffdc3ace570afa50428
SHA512 011bdd417ec3bf72daa2b32d3816b696be8b87423740dc2a0182e23515651deeb870a94f3415a73480145f9f5e36c1a3a492410b77ca95d7fab8b9826e9198cc

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\rsod.exe

MD5 91a0740cfb043e1f4d8461f8cbe2ff19
SHA1 92e1ad31c34c4102e5cb2cc69f3793b2a1d5304e
SHA256 dcaabfd6955d3fec26a86217d1b1ab7e979c301d498473e4d885145ce031fc3b
SHA512 c60067655e5f191708af9b25382869e3ce65cd3ea2d6cac70f8cae4132942cfd6a8aa9dde1e2b7f3f12997d6d7411e21dc73ab4cd83ec555d74b82b86778a613

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\majorlist.exe

MD5 230970ec5286b34a6b2cda9afdd28368
SHA1 e3198d3d3b51d245a62a0dc955f2b1449608a295
SHA256 3cdafc944b48d45a0d5dc068652486a970124ebe1379a7a04e5cf1dcf05c37c8
SHA512 52912b6b2ba55c540316fcfc6f45d68771d1c22ddf4eb09c2cc15fb8ddd214812c18fd75cd61b561c29f660e2bf20290a101b85da1e0bbf8dfbf90b791892b57

C:\Users\Admin\AppData\Local\Temp\7135.tmp\MicrosoftWindowsServicesEtc\majordared.exe

MD5 570d35aabee1887f7f6ab3f0a1e76984
SHA1 ae989563c3be21ee9043690dcaac3a426859d083
SHA256 fa24bc7bc366f2ad579d57a691fb0d10d868e501221df0c32a98e705d2d61e43
SHA512 9b68a8acacba451bbf028656c181fae29c5bcaed6a7ff4c1fc26ab708b62ca4be7bba9c777c598926d23331570617d20a0ce439f014461eccd8c3f595d21a54f

memory/6636-1711-0x0000000004F50000-0x0000000004F5A000-memory.dmp

memory/3268-1731-0x00000000003F0000-0x0000000000414000-memory.dmp