Malware Analysis Report

2025-03-15 00:54

Sample ID 240626-zgn5fsvgqr
Target https://cdn.discordapp.com/attachments/1235416337581342732/1255623957755985941/hack.exe?ex=667dce6f&is=667c7cef&hm=cb0f60c70dabbf857574626848386977f5f48296f424c809a5be0586fb3af069&
Tags
defense_evasion persistence privilege_escalation upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://cdn.discordapp.com/attachments/1235416337581342732/1255623957755985941/hack.exe?ex=667dce6f&is=667c7cef&hm=cb0f60c70dabbf857574626848386977f5f48296f424c809a5be0586fb3af069& was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion persistence privilege_escalation upx

Downloads MZ/PE file

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops startup file

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Hide Artifacts: Hidden Files and Directories

Drops file in Windows directory

Event Triggered Execution: Netsh Helper DLL

Detects videocard installed

Enumerates system info in registry

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Views/modifies file attributes

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-26 20:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-26 20:41

Reported

2024-06-26 20:43

Platform

win10-20240404-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1235416337581342732/1255623957755985941/hack.exe?ex=667dce6f&is=667c7cef&hm=cb0f60c70dabbf857574626848386977f5f48296f424c809a5be0586fb3af069&

Signatures

Downloads MZ/PE file

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ‎‎‌ .scr C:\Users\Admin\Desktop\hack.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ‎‎‌ .scr C:\Windows\system32\attrib.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ‎‎‌ .scr C:\Users\Admin\Desktop\hack.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bound.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A
N/A N/A C:\Users\Admin\Desktop\hack.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Hide Artifacts: Hidden Files and Directories

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639081007655797" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 14001f80cb859f6720028040b29b5540cc05aab60000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000002eb059e18986da011ff8fb4309c8da011ff8fb4309c8da0114000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:FMTID = "{30C8EEF4-A832-41E2-AB32-E3C3CA28FD29}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\IconSize = "48" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\LogicalViewMode = "2" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000002eb059e18986da011127ff4909c8da011127ff4909c8da0114000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\Mode = "6" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\Sort = 0000000000000000000000000000000002000000f4eec83032a8e241ab32e3c3ca28fd29030000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupView = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:PID = "2" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "3" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\hack.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3648 wrote to memory of 4444 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4444 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 68 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 68 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 3212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1235416337581342732/1255623957755985941/hack.exe?ex=667dce6f&is=667c7cef&hm=cb0f60c70dabbf857574626848386977f5f48296f424c809a5be0586fb3af069&

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xdc,0xe0,0xe4,0xb8,0xe8,0x7ffd9edc9758,0x7ffd9edc9768,0x7ffd9edc9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1844,i,15643184598268194133,18033810880672848106,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1844,i,15643184598268194133,18033810880672848106,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1944 --field-trial-handle=1844,i,15643184598268194133,18033810880672848106,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1844,i,15643184598268194133,18033810880672848106,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1844,i,15643184598268194133,18033810880672848106,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5148 --field-trial-handle=1844,i,15643184598268194133,18033810880672848106,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5192 --field-trial-handle=1844,i,15643184598268194133,18033810880672848106,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 --field-trial-handle=1844,i,15643184598268194133,18033810880672848106,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1844,i,15643184598268194133,18033810880672848106,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1844,i,15643184598268194133,18033810880672848106,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5624 --field-trial-handle=1844,i,15643184598268194133,18033810880672848106,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5632 --field-trial-handle=1844,i,15643184598268194133,18033810880672848106,131072 /prefetch:8

C:\Users\Admin\Desktop\hack.exe

"C:\Users\Admin\Desktop\hack.exe"

C:\Users\Admin\Desktop\hack.exe

"C:\Users\Admin\Desktop\hack.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "start bound.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c attrib +h +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ‎‎‌ .scr"

C:\Windows\SYSTEM32\netsh.exe

netsh wlan show profiles

C:\Windows\system32\attrib.exe

attrib +h +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ‎‎‌ .scr"

C:\Users\Admin\AppData\Local\Temp\bound.exe

bound.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic os get Caption"

C:\Windows\System32\Wbem\WMIC.exe

wmic os get Caption

C:\Windows\System32\Wbem\wmic.exe

wmic cpu get Name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"

C:\Windows\System32\Wbem\WMIC.exe

wmic path softwarelicensingservice get OA3xOriginalProductKey

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"

C:\Windows\System32\Wbem\WMIC.exe

WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd9eaf9758,0x7ffd9eaf9768,0x7ffd9eaf9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1804,i,14701895021655902528,17188333887758126360,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1804,i,14701895021655902528,17188333887758126360,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1804,i,14701895021655902528,17188333887758126360,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1804,i,14701895021655902528,17188333887758126360,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1804,i,14701895021655902528,17188333887758126360,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3992 --field-trial-handle=1804,i,14701895021655902528,17188333887758126360,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1804,i,14701895021655902528,17188333887758126360,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4164 --field-trial-handle=1804,i,14701895021655902528,17188333887758126360,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1804,i,14701895021655902528,17188333887758126360,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1804,i,14701895021655902528,17188333887758126360,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1804,i,14701895021655902528,17188333887758126360,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5044 --field-trial-handle=1804,i,14701895021655902528,17188333887758126360,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3004 --field-trial-handle=1804,i,14701895021655902528,17188333887758126360,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3516 --field-trial-handle=1804,i,14701895021655902528,17188333887758126360,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1804,i,14701895021655902528,17188333887758126360,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1804,i,14701895021655902528,17188333887758126360,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.130.233:443 cdn.discordapp.com tcp
US 162.159.130.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 233.130.159.162.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 gstatic.com udp
GB 142.250.180.3:443 gstatic.com tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.180.14:443 apis.google.com tcp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 216.58.213.14:443 clients2.google.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
GB 142.250.179.238:443 encrypted-tbn1.gstatic.com tcp
GB 216.58.201.110:443 encrypted-tbn2.gstatic.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 www.virustotal.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
GB 216.58.201.99:443 www.recaptcha.net tcp
US 8.8.8.8:53 46.34.125.74.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 recaptcha.net udp
GB 142.250.187.227:443 recaptcha.net tcp
GB 142.250.187.227:443 recaptcha.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
MX 142.250.68.227:443 beacons.gcp.gvt2.com tcp

Files

\??\pipe\crashpad_3648_WMUUMDPVXEPTLAYH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 19944be0b35df3ce8c2f8b9653482200
SHA1 7fa59d17b229042599d6fc111027d9e998883cf5
SHA256 fedad3f2e9107b7d4e053cb81d3642d7c86a04d0d5d5dd02f42b5dfd81e3ea38
SHA512 008509c4ba9a3e7b536f8fa757b3e0450a569804b38597840f5866f1d966d764e2c0780b0c31a9748801d340f192ad2e1de113cc1aba591d9822a0aabb1ad483

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a0fec8cd16622dde4692318bee2ede52
SHA1 74ab5acbdb21c10a58881042fdb87326b8806e43
SHA256 2e51701210b21db59d5d34e9ee8fd922f88eb564a5265be06348f1d4d70e4c9a
SHA512 db45622e823b25505781421fccc3513db4abd392b8ffb0b091ac5eed27d224feb39a9f4fa8f31dfbb5a1b302df813e94afbfadeff3ac35ff704e104bde5c4d5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 55945aeccfcbc22441b9c2572138c483
SHA1 f95a4c375b584e9f912d106a7a02e948b7292cff
SHA256 7947858e590a068c2d9a563870e2b9d3b554a14446c4cc63a7917f1528ad22d4
SHA512 4390d7267eb4d3732416a0fcf900830f1ac5beccf77f4875babf7cd1c23d029de9d231e95b452cc8531df0dda133a656309a53c67e21f243956a33215fc2d1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 88e2a944be13e454fd9b04739223c93c
SHA1 0f15505cbbf6905691b7282e362d30ed4367812c
SHA256 8866d7d2eed32abf17185576f1dca3963530848e593268c15cab09573979bae7
SHA512 e3a214a201a340bada21dc0f60e95ea43bc1022c87e8048505f706fdcd6beddfc166539a11f3610e87c247100d8cc9faf9a0e08cbefcae57511ce3e56de2b701

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c79fe18cfa244143197217e22463d849
SHA1 583a90347ab2549ffc189101f669a4c112ef1e07
SHA256 c4456c54cd5dd86733e62a0d9a7e73e79cbaa6247e3502f682354775d77f02ef
SHA512 af900543e472ae80ad54accf699d99ffb4ce06961b332885f8f00ed66121b79d815dd78161d53406817396cdb57f7a468f107c3ed9d83d58520eeb983b8548c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Temp\_MEI39082\python312.dll

MD5 7ef625a8207c1a1a46cb084dfc747376
SHA1 8cc35164b7cda0ed43eb07fdb1ea62c23ae1b6f9
SHA256 c49c511fa244815cc1ab62a4dab0a4a0ffc0a1b99ac9333f60a3f795b99f65ed
SHA512 0872033ee3dc46066db3a44693d3802b5d158ef9e0481d1e33275934800cea6a79870ac0776a85f113daa67d9629b6d8bc67cea3d2a99445114140de1c29e5a4

C:\Users\Admin\AppData\Local\Temp\_MEI39082\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

memory/1928-843-0x00007FFD9CC70000-0x00007FFD9D335000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI39082\base_library.zip

MD5 8dad91add129dca41dd17a332a64d593
SHA1 70a4ec5a17ed63caf2407bd76dc116aca7765c0d
SHA256 8de4f013bfecb9431aabaa97bb084fb7de127b365b9478d6f7610959bf0d2783
SHA512 2163414bc01fc30d47d1de763a8332afe96ea7b296665b1a0840d5197b7e56f4963938e69de35cd2bf89158e5e2240a1650d00d86634ac2a5e2ad825455a2d50

C:\Users\Admin\AppData\Local\Temp\_MEI39082\_ctypes.pyd

MD5 aabc346d73b522f4877299161535ccf5
SHA1 f221440261bce9a31dd4725d4cb17925286e9786
SHA256 d6fd4502c3c211a9923d0b067d2511f813e4da2820fde7689add8261ed8b9d47
SHA512 4fcf8cc692ace874957f6f3159f91ebda50bc6cabed429dbac3a7c5fba4a28600175c0e780ed0d8a491b61c7582a2490469d5d26ea62560338024759d1fb51cb

C:\Users\Admin\AppData\Local\Temp\_MEI39082\python3.DLL

MD5 79b02450d6ca4852165036c8d4eaed1f
SHA1 ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4
SHA256 d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123
SHA512 47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416

C:\Users\Admin\AppData\Local\Temp\_MEI39082\libffi-8.dll

MD5 be8ceb4f7cb0782322f0eb52bc217797
SHA1 280a7cc8d297697f7f818e4274a7edd3b53f1e4d
SHA256 7d08df2c496c32281bf9a010b62e8898b9743db8b95a7ebee12d746c2e95d676
SHA512 07318c71c3137114e0cfec7d8b4815fd6efa51ce70b377121f26dc469cefe041d5098e1c92af8ed0c53b21e9c845fddee4d6646d5bd8395a3f1370ba56a59571

memory/1928-851-0x00007FFDA18A0000-0x00007FFDA18C5000-memory.dmp

memory/1928-853-0x00007FFDA1FF0000-0x00007FFDA1FFF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI39082\_bz2.pyd

MD5 de28bf5e51046138e9dab3d200dd8555
SHA1 80d7735ee22dff9a0e0f266ef9c2d80bab087ba4
SHA256 07a67015f1d6e2b9d96c35ce64c10118d880ba31f505cfbf1a49fde9b4adfd29
SHA512 05dc987c27d82db8626d18e676efb5713221962a6315f40eadac7ed650e3844085b01690fcec7082f9cca37325d7812ad44c92f13f8c4000fbb09a7c8f634859

memory/1928-856-0x00007FFDA17B0000-0x00007FFDA17CA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI39082\_lzma.pyd

MD5 b976cc2b2b6e00119bd2fa50dcfbd45e
SHA1 c6e2eb8f35c1d4859c379f0c1a07e01a4ce07e05
SHA256 412ccc1f7dc368f1d58d0df6262e4d2dd009e08508cd6a69ef9dcc3f133a362e
SHA512 879a288062c7bb4a1940bca2d298e4e0b1020ec17858674d53e0ec300e151d534d26eb408c2ab62619e786a4763633125dbf6c4c84279b8d7caf05ffc6235b9f

memory/1928-859-0x00007FFD9EF40000-0x00007FFD9EF6D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI39082\bound.luna

MD5 2506e2a4ca7f4cc7b60589198b01cbde
SHA1 ad2409ca179ce0c6835a62cbe0055a6366aa6e06
SHA256 6fa16617eb141ff67de48f8bd79529fc5b81f941608fdf733d2f9c4d0a8ec734
SHA512 e9afcb2fe3039fd0eb78099a1f384497d11d0f4848b1e1185e4e2ed6b2bccc9f35a14eb73159d51ea8fa2fdee3cc1f69506037c2b79be21b4667a962ccc2a5c6

C:\Users\Admin\AppData\Local\Temp\_MEI39082\libcrypto-3.dll

MD5 63eb76eccfe70cff3a3935c0f7e8ba0f
SHA1 a8dd05dce28b79047e18633aee5f7e68b2f89a36
SHA256 785c8dde9803f8e1b279895c4e598a57dc7b01e0b1a914764fcedef0d7928b4e
SHA512 8da31fa77ead8711c0c6ffedcef6314f29d02a95411c6aacec626e150f329a5b96e9fdeae8d1a5e24d1ca5384ae2f0939a5cc0d58eb8bdbc5f00e62736dcc322

C:\Users\Admin\AppData\Local\Temp\_MEI39082\_wmi.pyd

MD5 5c069ae24532015c51b692dad5313916
SHA1 d2862493292244dff23188ee1930c0dda65130c9
SHA256 36b6ddd4b544e60b8f38af7622c6350434448bc9f77a5b1e0e4359b0a0656bef
SHA512 34015d5ba077d458049c4369fcecebdfedd8440ef90bf00efeeefe2c64a12e56b06fd65e2ec293cdeb8c133c6432c0a3a0c5104035a3291e034da00cde84d505

C:\Users\Admin\AppData\Local\Temp\_MEI39082\_uuid.pyd

MD5 353e11301ea38261e6b1cb261a81e0fe
SHA1 607c5ebe67e29eabc61978fb52e4ec23b9a3348e
SHA256 d132f754471bd8a6f6d7816453c2e542f250a4d8089b657392fe61a500ae7899
SHA512 fa990b3e9619d59ae3ad0aeffca7a3513ab143bfd0ac9277e711519010f7c453258a4b041be86a275f3c365e980fc857c23563f3b393d1e3a223973a673e88c5

C:\Users\Admin\AppData\Local\Temp\_MEI39082\_ssl.pyd

MD5 80ece7cadb2377b4f9ed01c97937801a
SHA1 c272a249cbb459df816cb7cbc5f84aa98be3d440
SHA256 7918455d3ee3fa6fe040ad743faa1c860417df9b15a47fe1c0f2d78f01190f94
SHA512 796bd59bf7b7a43a8872da08b5d486d817d49dd4234a2b89f4269904a3d52986168eeb9e24cd768c954b144c28e9e20365d292f845778b3498688d5c4d87c68c

C:\Users\Admin\AppData\Local\Temp\_MEI39082\_sqlite3.pyd

MD5 5456e0221238bdd4534ea942fafdf274
SHA1 22158c5e7ad0c11e3b68fdcd3889e661687cb4c8
SHA256 e3bd962906eadbc8f1d19e6913f07788c28d7e07e5e2f50cfdca4a3eaea2224c
SHA512 76a6ced4418be4636a40f1611c3d0d7aebb0e4ec5af466d98256025b722e99989332d5ed384bc2c79afbd16d051910209e9749e68910a335004e2902ea7df345

C:\Users\Admin\AppData\Local\Temp\_MEI39082\_socket.pyd

MD5 0d076b9c835bfb74e18acfa883330e9d
SHA1 767673f8e7486c21d7c9ab014092f49b201a9670
SHA256 a5a20a5b9fbec56ee0b169af6ab522eaac3c4c7d64d396b479c6df0c49ece3db
SHA512 4a0b7909f83dc8a0dc46dcc650cc99c1b0f529193598c3ea1339d8affa58ccdd60601112e5387b377a297120ae1d2d73bfd7759023f2fc6b290662f4222e82cf

C:\Users\Admin\AppData\Local\Temp\_MEI39082\_queue.pyd

MD5 0351e25de934288322edfd8c68031bcb
SHA1 3d222044b7b8c1243a01038ece2317821f02b420
SHA256 d42578f47fd56637219af0399cffb64b40ef70ff92a9e2e94cd9ab5a70010032
SHA512 33bd7812c568f0be2145f98ab8d3c06d0606374743f62eb3225800de54e9a44280254d352bef84d69c903002be845d545422d9079e0420d7a7f3a4c3bf86520a

C:\Users\Admin\AppData\Local\Temp\_MEI39082\_overlapped.pyd

MD5 21ce4b112178ae45c100a7fc57e0b048
SHA1 2a9a55f16cbacb287de56f4161886429892ca65d
SHA256 6f0ae8f8a20d0c075413ac3e6d03b6e2f2a5cfbd89f93770f009cbcc784d59dd
SHA512 4045d15347c3e69c0b8f74b5844596f4f61c61000f317323dd4ef93b84c79854cc7cb4b66a18c4753b94f419a959ca9a489f06b4a61011be364add8c2cb34042

C:\Users\Admin\AppData\Local\Temp\_MEI39082\_multiprocessing.pyd

MD5 ff0d28221a96023a51257927755f6c41
SHA1 4ce20350a367841afd8bdbe012a535a4fec69711
SHA256 bacdca8a3dd03479d293aeeb762c43de936c3e82254bdae99860bfa1afe33200
SHA512 04ee7be8cbcfb8876d2fadbfb51a8512fc7fde41619d8039235362bcc4c4d698394e6a61ae5f1f41cf818cc90141fa294ab60e8fa40e5b09467aa7c341e4279d

C:\Users\Admin\AppData\Local\Temp\_MEI39082\_hashlib.pyd

MD5 0b3a0e7456cd064c000722752ab882b1
SHA1 9a452e1d4c304205733bc90f152a53dde557faba
SHA256 04aab47d3600deccf542ab85c1e8a9f9db2361884646a3fba67581c112794216
SHA512 7781da08930a121cdfa5c998971f27b9b74084cfbd6cab8470d8407e97b2e6a4029ca3780f5c487852a31731ab6af00d29abb8f4e32b47eb3d762e4dafd4a2ff

C:\Users\Admin\AppData\Local\Temp\_MEI39082\_decimal.pyd

MD5 38359f7c12010a8fb43c2d75f541a2be
SHA1 ce10670225ee3a2e5964d67b6b872e46b5abf24f
SHA256 60dc9bc86b2fabca142b73f3334376b2381788b839b00b38c8e0b5830d67033e
SHA512 b24b6bf75bf737880c1ec0e5c2a7280fbcc51e7eeb34f5342fee98c393be31e50a6bc1e61d86cf8d5b8a0a96928a3c975973767ff1e2a9899d615ec972fece97

C:\Users\Admin\AppData\Local\Temp\_MEI39082\_cffi_backend.cp312-win_amd64.pyd

MD5 5225e3fc11136d4ad314367fa911a8b1
SHA1 c2cfb71d867e59f29d394131e0e6c8a2e71dee32
SHA256 08005b24e71411fc4acdb312a4558339595b1d12c6917f8d50c6166a9f122abe
SHA512 87bdeacaca87dc465de92fe8dda425560c5e6e149883113f4541f2d5ecc59f57523cde41ad48fa0081f820678182648afbf73839c249fe3f7d493dcf94e76248

C:\Users\Admin\AppData\Local\Temp\_MEI39082\_asyncio.pyd

MD5 ca6a6ea799c9232a2b6b8c78776a487b
SHA1 11866b9c438e5e06243ea1e7857b5dfa57943b71
SHA256 ec50468b21ddc95e25167bfabfc7a53742a8ff8b42f0eb4a74292e5c484e46f0
SHA512 e77c7b54660e7e92b29735170b09fb9a5405219036f48a1775ba7428ad6f247145b24a96449d755bce6542b40e343554037e85450f1df95980079a01b43bb275

C:\Users\Admin\AppData\Local\Temp\_MEI39082\VCRUNTIME140_1.dll

MD5 f8dfa78045620cf8a732e67d1b1eb53d
SHA1 ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256 a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
SHA512 ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

C:\Users\Admin\AppData\Local\Temp\_MEI39082\unicodedata.pyd

MD5 566e3f91a2009e88d97a292d4af4e8e3
SHA1 b8b724bbb30e7a98cf67dc29d51653de0c3d2df2
SHA256 bb275d01deb7abd5c8bda9304cdd9a9a7ec13fd7fb29cab209d5c939304257f2
SHA512 c5697fcbd003bea5c8db6a06a6520c7a2b4cd905c6b6a024d2c1aa887852cfe3233f2b3ca1811ad484e4f7a69d404d1287ec3619c1b2be5dd5b4d3e9221bc2d3

C:\Users\Admin\AppData\Local\Temp\_MEI39082\sqlite3.dll

MD5 93b6ca75f0fb71ce6c4d4e94fb2effb2
SHA1 fedf300c6f6b57001368472e607e294bdd68d13b
SHA256 fd60196721444e63564ea464d28813f016df6851f6bc77ec6cf5ff55b09813f6
SHA512 54e70f1617be14fd29195f03fc6bda7bb3d2aeaae4c416f9095cbab4ce25c6dcbd23737180826169a45adcc6f42b0bfad42d8f01f77a050ca62737b1ae625bad

C:\Users\Admin\AppData\Local\Temp\_MEI39082\select.pyd

MD5 5500103d58b4922691a5c27213d32d26
SHA1 9bb04dbeaadf5ce27e4541588e55b54966b83636
SHA256 eddf2cd2603f31eb72f55afe9ba62f896d07b90070b453fcea44502af0251cf5
SHA512 e8ba23a152ca8c6bad4e3dde6cd70326e917d7110cfa89b6282826c45d3732da79b397511ba1b6cecf019c5c75cab58ef1c2cb6c11af455aa5ab5d84427f8388

C:\Users\Admin\AppData\Local\Temp\_MEI39082\pyexpat.pyd

MD5 2caf5263ee09fe0d931b605f05b161b2
SHA1 355bc237e490c3aa2dd85671bc564c8cfc427047
SHA256 002158272f87cd35743b402274a55ccf1589bd829602a1bf9f18c484ff8e4cac
SHA512 1ba3190ee7fceba50965a1c1f2b29802c8081e0b28f47a53176805f7864745334220850f7f2f163e235f0d226ea1c0d28f3895a1207f585be2491d42121167f1

C:\Users\Admin\AppData\Local\Temp\_MEI39082\luna.aes

MD5 2d2174b27328cd9512ab2b3817a52210
SHA1 7342ab91ef2291dac24d4c29918aabca50b4f964
SHA256 44e8b3ed3dbe066727eb6072c3c1b33e092962f92697393686bd1ab6cd7ec5a9
SHA512 97c7df15e62cdd9a3537a85a8376bdcebd51424cf38d987500875c4b00ada85e852ef32204cc31aefc52859d566cbddb641a9b51b32afaab9ce84be96389d3f8

C:\Users\Admin\AppData\Local\Temp\_MEI39082\libssl-3.dll

MD5 7e87c34b39f3a8c332df6e15fd83160b
SHA1 db712b55f23d8e946c2d91cbbeb7c9a78a92b484
SHA256 41448b8365b3a75cf33894844496eb03f84e5422b72b90bdcb9866051939c601
SHA512 eceda8b66736edf7f8e7e6d5a17e280342e989c5195525c697cc02dda80fd82d62c7fd4dc6c4825425bae69a820e1262b8d8cc00dbcd73868a26e16c14ac5559

memory/1928-883-0x00007FFDA1F20000-0x00007FFDA1F2D000-memory.dmp

memory/1928-885-0x00007FFD9EAE0000-0x00007FFD9EB15000-memory.dmp

memory/1928-889-0x00007FFD9EF10000-0x00007FFD9EF1D000-memory.dmp

memory/1928-888-0x00007FFD9EF20000-0x00007FFD9EF39000-memory.dmp

memory/1928-893-0x00007FFD9EAB0000-0x00007FFD9EAC4000-memory.dmp

memory/1928-892-0x00007FFD9EAD0000-0x00007FFD9EADD000-memory.dmp

memory/1928-895-0x00007FFD9C740000-0x00007FFD9CC69000-memory.dmp

memory/1928-898-0x00007FFD9CC70000-0x00007FFD9D335000-memory.dmp

memory/1928-899-0x00007FFD9EA70000-0x00007FFD9EAA3000-memory.dmp

memory/1928-901-0x00007FFDA18A0000-0x00007FFDA18C5000-memory.dmp

memory/1928-900-0x00007FFD9E9A0000-0x00007FFD9EA6D000-memory.dmp

memory/1928-903-0x00007FFD9E960000-0x00007FFD9E976000-memory.dmp

memory/1928-906-0x00007FFD9E940000-0x00007FFD9E952000-memory.dmp

memory/1928-905-0x00007FFDA17B0000-0x00007FFDA17CA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI39082\zstandard\backend_c.cp312-win_amd64.pyd

MD5 4dd9c42a89ddf77fef7aa34a71c5b480
SHA1 fc4c03ffcf81fb255b54c4f16f6ed90d5a1f37d4
SHA256 f76dc6f9ace0d356dbfdea443c3d43232342f48384f4afc7293b2ace813477e7
SHA512 02c04fa2fa1d8136730f2596740049664a4f9343fb56de195988d80151cb38e67e7fee1c140d2c5d7c439f19df377cc6e253f5178711f72b821eae3076b4e142

memory/1928-910-0x00007FFD9EF40000-0x00007FFD9EF6D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI39082\charset_normalizer\md.cp312-win_amd64.pyd

MD5 e4fad9ff1b85862a6afaca2495d9f019
SHA1 0e47d7c5d4de3a1d7e3bb31bd47ea22cc4ddeac4
SHA256 e5d362766e9806e7e64709de7e0cff40e03123d821c3f30cac5bac1360e08c18
SHA512 706fb033fc2079b0aabe969bc51ccb6ffaaf1863daf0e4a83d6f13adc0fedab61cee2b63efb40f033aea22bf96886834d36f50af36e6e25b455e941c1676a30a

memory/1928-913-0x00007FFD9E930000-0x00007FFD9E93B000-memory.dmp

memory/1928-911-0x00007FFD9E770000-0x00007FFD9E7F7000-memory.dmp

memory/1928-912-0x00007FFDA1F20000-0x00007FFDA1F2D000-memory.dmp

memory/1928-914-0x00007FFD9E740000-0x00007FFD9E767000-memory.dmp

memory/1928-915-0x00007FFD9C620000-0x00007FFD9C73B000-memory.dmp

memory/1928-916-0x00007FFD9EAB0000-0x00007FFD9EAC4000-memory.dmp

memory/1928-917-0x00007FFD9E720000-0x00007FFD9E738000-memory.dmp

memory/1928-920-0x00007FFD9C4A0000-0x00007FFD9C61E000-memory.dmp

memory/1928-919-0x00007FFD9DB60000-0x00007FFD9DB84000-memory.dmp

memory/1928-918-0x00007FFD9C740000-0x00007FFD9CC69000-memory.dmp

memory/1928-925-0x00007FFD9DB20000-0x00007FFD9DB2B000-memory.dmp

memory/1928-924-0x00007FFD9DB30000-0x00007FFD9DB3C000-memory.dmp

memory/1928-923-0x00007FFD9DB40000-0x00007FFD9DB4B000-memory.dmp

memory/1928-922-0x00007FFD9DB50000-0x00007FFD9DB5B000-memory.dmp

memory/1928-921-0x00007FFD9E9A0000-0x00007FFD9EA6D000-memory.dmp

memory/1928-936-0x00007FFD9D470000-0x00007FFD9D47D000-memory.dmp

memory/1928-935-0x00007FFD9D480000-0x00007FFD9D48C000-memory.dmp

memory/1928-939-0x00007FFD9D410000-0x00007FFD9D439000-memory.dmp

memory/1928-940-0x00007FFD9D3E0000-0x00007FFD9D40E000-memory.dmp

memory/1928-938-0x00007FFD9D440000-0x00007FFD9D44C000-memory.dmp

memory/1928-937-0x00007FFD9D450000-0x00007FFD9D462000-memory.dmp

memory/1928-934-0x00007FFD9D490000-0x00007FFD9D49C000-memory.dmp

memory/1928-933-0x00007FFD9D4A0000-0x00007FFD9D4AB000-memory.dmp

memory/1928-932-0x00007FFD9D4B0000-0x00007FFD9D4BB000-memory.dmp

memory/1928-931-0x00007FFD9D4C0000-0x00007FFD9D4CC000-memory.dmp

memory/1928-930-0x00007FFD9D780000-0x00007FFD9D78E000-memory.dmp

memory/1928-929-0x00007FFD9DAE0000-0x00007FFD9DAEC000-memory.dmp

memory/1928-928-0x00007FFD9DAF0000-0x00007FFD9DAFC000-memory.dmp

memory/1928-927-0x00007FFD9DB00000-0x00007FFD9DB0B000-memory.dmp

memory/1928-926-0x00007FFD9DB10000-0x00007FFD9DB1C000-memory.dmp

memory/1928-941-0x00007FFD9E740000-0x00007FFD9E767000-memory.dmp

memory/1928-942-0x00007FFD91B70000-0x00007FFD91DB5000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ‎‎‌ .scr

MD5 79d24c5e7a122cd9d624b43ffeeab6e9
SHA1 c4bf3a28b2860686710a688f09a21d2a8da8436d
SHA256 06e73acadc932573db1296fcf8d98047e32ec0663f62fb8560ebe8f2e832de77
SHA512 de2eeaa2683f154ea9693aa698dca57a9f086e664c693e884135ed4f6af430b6bc7ed2621dd4afa9e82fccd2b5998cda830f133e788f7be0763851d8a9a9d5a9

memory/1928-970-0x00007FFD9EDE0000-0x00007FFD9EDEF000-memory.dmp

memory/1928-969-0x00007FFD9DB60000-0x00007FFD9DB84000-memory.dmp

memory/1928-994-0x00007FFD9E720000-0x00007FFD9E738000-memory.dmp

memory/1928-991-0x00007FFD9E930000-0x00007FFD9E93B000-memory.dmp

memory/1928-985-0x00007FFD9C740000-0x00007FFD9CC69000-memory.dmp

memory/1928-986-0x00007FFD9EA70000-0x00007FFD9EAA3000-memory.dmp

memory/1928-978-0x00007FFD9EF40000-0x00007FFD9EF6D000-memory.dmp

memory/1928-977-0x00007FFDA17B0000-0x00007FFDA17CA000-memory.dmp

memory/1928-976-0x00007FFDA1FF0000-0x00007FFDA1FFF000-memory.dmp

memory/1928-975-0x00007FFDA18A0000-0x00007FFDA18C5000-memory.dmp

memory/1928-993-0x00007FFD9C620000-0x00007FFD9C73B000-memory.dmp

memory/1928-1002-0x00007FFD9C4A0000-0x00007FFD9C61E000-memory.dmp

memory/1928-1003-0x00007FFD9D470000-0x00007FFD9D47D000-memory.dmp

memory/1928-1001-0x00007FFD9DB20000-0x00007FFD9DB2B000-memory.dmp

memory/1928-999-0x00007FFD9DB30000-0x00007FFD9DB3C000-memory.dmp

memory/1928-998-0x00007FFD9DB40000-0x00007FFD9DB4B000-memory.dmp

memory/1928-997-0x00007FFD9DB50000-0x00007FFD9DB5B000-memory.dmp

memory/1928-995-0x00007FFD9DB60000-0x00007FFD9DB84000-memory.dmp

memory/1928-992-0x00007FFD9E740000-0x00007FFD9E767000-memory.dmp

memory/1928-990-0x00007FFD9E770000-0x00007FFD9E7F7000-memory.dmp

memory/1928-989-0x00007FFD9E940000-0x00007FFD9E952000-memory.dmp

memory/1928-988-0x00007FFD9E960000-0x00007FFD9E976000-memory.dmp

memory/1928-987-0x00007FFD9E9A0000-0x00007FFD9EA6D000-memory.dmp

memory/1928-984-0x00007FFD9EAB0000-0x00007FFD9EAC4000-memory.dmp

memory/1928-983-0x00007FFD9EAD0000-0x00007FFD9EADD000-memory.dmp

memory/1928-982-0x00007FFD9EF10000-0x00007FFD9EF1D000-memory.dmp

memory/1928-981-0x00007FFD9EF20000-0x00007FFD9EF39000-memory.dmp

memory/1928-980-0x00007FFD9EAE0000-0x00007FFD9EB15000-memory.dmp

memory/1928-979-0x00007FFDA1F20000-0x00007FFDA1F2D000-memory.dmp

memory/1928-974-0x00007FFD9CC70000-0x00007FFD9D335000-memory.dmp

memory/1928-1017-0x00007FFD9D3E0000-0x00007FFD9D40E000-memory.dmp

memory/1928-1019-0x00007FFD9EDE0000-0x00007FFD9EDEF000-memory.dmp

memory/1928-1018-0x00007FFD91B70000-0x00007FFD91DB5000-memory.dmp

memory/1928-1016-0x00007FFD9D410000-0x00007FFD9D439000-memory.dmp

memory/1928-1015-0x00007FFD9D440000-0x00007FFD9D44C000-memory.dmp

memory/1928-1014-0x00007FFD9D450000-0x00007FFD9D462000-memory.dmp

memory/1928-1013-0x00007FFD9D480000-0x00007FFD9D48C000-memory.dmp

memory/1928-1012-0x00007FFD9D490000-0x00007FFD9D49C000-memory.dmp

memory/1928-1011-0x00007FFD9D4A0000-0x00007FFD9D4AB000-memory.dmp

memory/1928-1010-0x00007FFD9D4B0000-0x00007FFD9D4BB000-memory.dmp

memory/1928-1009-0x00007FFD9D4C0000-0x00007FFD9D4CC000-memory.dmp

memory/1928-1008-0x00007FFD9D780000-0x00007FFD9D78E000-memory.dmp

memory/1928-1007-0x00007FFD9DAE0000-0x00007FFD9DAEC000-memory.dmp

memory/1928-1006-0x00007FFD9DAF0000-0x00007FFD9DAFC000-memory.dmp

memory/1928-1005-0x00007FFD9DB00000-0x00007FFD9DB0B000-memory.dmp

memory/1928-1004-0x00007FFD9DB10000-0x00007FFD9DB1C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 8f3843a9da63a7c396a894b5865b2f67
SHA1 2e7f9776d1ba8b15aea00d84eff977929ed70022
SHA256 76841dc7ebcb954ee1442bff5ef2356159574207e77f9b74b5303d298980b26a
SHA512 06c417f3f8a5010105ced178e9d478c82253cc2ffb08135827ea8a5b905101b684d532d7f6cd776adce49200d4e719242bf44b88311c5d3f7ccdb6bbcba200ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6777498610a2f32c5f786a20dcd0f748
SHA1 baf3556bd316fa1320fa9a6ed931011693a532a2
SHA256 ee3447c225cf222bfa279001637d99c45ee7a4aa5b516a507049071e92c072d4
SHA512 d9c3ff2be42b6a30b9c333a938e6e0f07062235f209afa9a0b3cd4d02eeb5494fef290d0a426770cf61576ca45aefcdb35e4a9d6d7b3bbab3ee297ba9cd5fabb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 00a984582b2fb82ee0c7d3586a56059f
SHA1 915d8e8a20831db2f78374d8b40ff1ac7285fe22
SHA256 0aaea25d2fc8f89d150f91316c9f220e6f42e022d7065410407bb71af66e2051
SHA512 970ffc20133da9f5367c7db76da4c2171f1053cffbbb68d9f975d88a6e75ea41346e2d43037a7ae32f824e6de3ea650bd3b9eb685a6d5c8c47bf593b7c4860cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a043fb746db2f0288ce8d9f3641976a8
SHA1 a57e58526cbadae9d4a0c28a68b994d813a822e8
SHA256 2ddab6b8bb91b292aa5e96b610f363d1f4316276ae369a3f0b03bef2357b2b62
SHA512 fd2ee3f16519c0dc7dbab0fc5212c2314ab7e414817a70cd43fb0939240b5eb42f077f4e8a699fdab7ca296fc3f406e6521a4ba195ddd4037c931f5ab96ee82d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 8422a512cce18bac572c1ae13ff0a0a5
SHA1 96e85d5e2abdd0023c2f5659f76a6c7e918c6ee1
SHA256 d758e02ec68b8cc1255f8c4b9ca02053c19a329e2b9eaa65e27dd4db9e87fc48
SHA512 b9be7470cc20a001ece297fe2d42fd228f4ef7228e7a681f270875c2d33bbf1f57b3f5ef08effaee5a3af19d7e3537fbd40882e2cdd77fbd872447919aa61402

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 151fb811968eaf8efb840908b89dc9d4
SHA1 7ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA512 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\799dd4a3-faaa-4933-92b3-7a2db14bbb65.tmp

MD5 4b1a56d9dda95b6044deed03f562e900
SHA1 6424263ee6fdcd585217475d94c73b2bccbed5a3
SHA256 1957ad10680b893f5e760d9e3ee628aeb51b0b02533782f16fc3098f96966fee
SHA512 91a7915ce285713c8fde0a3d9c70262cd65ae66a127afba5a0810a13f09cf264f90e47e30713a1c0b3514718a115ba51d1482684d7a1db1b7976599a00c05ea5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4242f934f3e8bd31474848a5007137a1
SHA1 98fe034f1cab532d2f88bdf28b155c5209e169bd
SHA256 40f7a53a780abf308c8f64ce131250cfce439875391a1c051bef2f46882a4969
SHA512 fc038474fa731c5098a0a0430122aa8c9a6ed5b16a0a8405e72edbfc69acac8ea6810ad3005f56d5bf123136033d9cb5f6aaf8f1e619329493a1c87be47f5574

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 c594a826934b9505d591d0f7a7df80b7
SHA1 c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256 e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA512 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bf842e5d140a0291be051b55a59a01b2
SHA1 52573ad5e88582a16dfb05f47a8a013bbaded832
SHA256 2b90f396c0480fcab1823e7f43a63b809425e01344860de64779d63cc03761d1
SHA512 1c1b403818c2d4d3e44970fc173919d978062170728c548c951f0c1ad72b47f0d54d2ddf8bd7d73909f2ab3ac8b9ffddfe08bc259b9d03ef4b77d8e57248bf64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 93d86ffc9bea50cfbfa6ce769ce3ea7c
SHA1 af5cec5b423387dbbfb7d7398fb6e214bcc5af82
SHA256 ee111e85b4b754f4c32d79fd870dd5cac65301cd2cd93e9d4541bd6ce81ac3cb
SHA512 2027fce90dd580e419e5261a18b8ebf1b8ed3631de9aaf664c470384f29042bcad43f4564ee07f5345055f9caec5c49c42bdb718735915db5fd1ea71f23bbe28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c639.TMP

MD5 e27fde2a61e08ca030b875fa9958b69f
SHA1 8f5e14738f1446202af362c30882ece910df005e
SHA256 8440602c197c166d680b528537d8f316f9c1b249275795525f8bb6f4154db568
SHA512 b78f07a4cd8219f24b382076dbf049b8d609d56e73299e81a1eaa648ae3498049f98245ef6a6e2048415ced2a67c86d9dba4b981b8869ad748c4e6b535f95ef6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5ed4e6f1256f6ff98503164c29bc5e1e
SHA1 79bae11897e70d6b22c9ea77b25899d4def3a830
SHA256 6d291249220f9f1fbc43e6874b48b7d1c31750794a5271cd3cbc56f45a826c1b
SHA512 9959a00d4a4e2f4dddec833d630bf3d6b69167a6ffc3d7c2c1faf0460b67c7fb6469bf05ffdba158375e3e0ba31cff8e385f0e77420f9b0355d14e6d8ca65a0b