Malware Analysis Report

2024-11-15 06:25

Sample ID 240705-trnzjstfmd
Target dlllist.txt
SHA256 662dd415e2796635702c49586fb99ae62a3c6f595976d6923ec8a4e7c23fa8fe
Tags
lumma discovery execution persistence privilege_escalation spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

662dd415e2796635702c49586fb99ae62a3c6f595976d6923ec8a4e7c23fa8fe

Threat Level: Known bad

The file dlllist.txt was found to be: Known bad.

Malicious Activity Summary

lumma discovery execution persistence privilege_escalation spyware stealer

Lumma Stealer

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Power Settings

Suspicious use of SetThreadContext

Drops file in Windows directory

Drops file in Program Files directory

Command and Scripting Interpreter: PowerShell

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Views/modifies file attributes

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Modifies registry class

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Opens file in notepad (likely ransom note)

Scheduled Task/Job: Scheduled Task

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-05 16:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-05 16:17

Reported

2024-07-05 16:23

Platform

win10-20240404-en

Max time kernel

354s

Max time network

317s

Command Line

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\dlllist.txt

Signatures

Lumma Stealer

stealer lumma

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A

Power Settings

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\powercfg.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1292 set thread context of 4948 N/A C:\Users\Admin\Desktop\g\[email protected] C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
PID 4788 set thread context of 2248 N/A C:\Users\Admin\Desktop\g\[email protected] C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\co.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nb.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-tw.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cy.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mr.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.dll C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hu.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sq.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\az.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hi.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\is.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lij.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\th.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\yo.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\he.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ka.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ta.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tt.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ast.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku-ckb.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ms.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ro.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip32.dll C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ar.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ne.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hy.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ky.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zG.exe C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ba.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\es.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eu.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hr.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sa.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\af.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\an.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ko.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ps.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\en.ttt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\it.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ja.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bg.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eo.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.sfx C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ext.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lt.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sw.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\History.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cs.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kab.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\id.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133646698899523987" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2407-x64.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe N/A
N/A N/A C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe N/A
N/A N/A C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe N/A
N/A N/A C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main\Installer.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main\Installer.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1280 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 2508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 3328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 3328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1280 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\dlllist.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbe5449758,0x7ffbe5449768,0x7ffbe5449778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4524 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff731127688,0x7ff731127698,0x7ff7311276a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4768 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5052 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3172 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5608 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5648 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5388 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5856 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8

C:\Users\Admin\Downloads\7z2407-x64.exe

"C:\Users\Admin\Downloads\7z2407-x64.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1612 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1544 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4876 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3508 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3136 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4492 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3040 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3e8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5976 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6388 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6408 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6324 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6676 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6644 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5128 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6628 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6648 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6932 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7216 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4496 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6416 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\[email protected]"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\[email protected]"

C:\Users\Admin\Desktop\g\[email protected]

"C:\Users\Admin\Desktop\g\[email protected]"

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\WKMCWL35YMPOXKAXYZLGE.exe

"C:\Users\Admin\AppData\Local\Temp\WKMCWL35YMPOXKAXYZLGE.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"

C:\Windows\system32\mode.com

mode 65,10

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e file.zip -p1404753551733818025492326517 -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_6.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_5.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_4.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_3.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_2.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_1.zip -oextracted

C:\Windows\system32\attrib.exe

attrib +H "Installer.exe"

C:\Users\Admin\AppData\Local\Temp\main\Installer.exe

"Installer.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C powershell -EncodedCommand "PAAjAFQAMgAzAE4AIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwB2ADEAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMASwBKAFUARQBsAHYAIwA+ACAALQBGAG8AcgBjAGUAIAA8ACMARwBkAEoAQwBzAEwAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -EncodedCommand "PAAjAFQAMgAzAE4AIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwB2ADEAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMASwBKAFUARQBsAHYAIwA+ACAALQBGAG8AcgBjAGUAIAA8ACMARwBkAEoAQwBzAEwAIwA+AA=="

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk7131" /TR "C:\ProgramData\Dllhost\dllhost.exe"

C:\Windows\SysWOW64\schtasks.exe

SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"

C:\Windows\SysWOW64\schtasks.exe

SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk7131" /TR "C:\ProgramData\Dllhost\dllhost.exe"

C:\Windows\SysWOW64\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\Desktop\g\[email protected]

"C:\Users\Admin\Desktop\g\[email protected]"

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Users\Admin\AppData\Local\Temp\1E9DEX69RVRPXJ3IQGO8WAQQQY.exe

"C:\Users\Admin\AppData\Local\Temp\1E9DEX69RVRPXJ3IQGO8WAQQQY.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\g\open me - 1212.txt

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"

C:\Windows\system32\mode.com

mode 65,10

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e file.zip -p1404753551733818025492326517 -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_6.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_5.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_4.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_3.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_2.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_1.zip -oextracted

C:\Windows\system32\attrib.exe

attrib +H "Installer.exe"

C:\Users\Admin\AppData\Local\Temp\main\Installer.exe

"Installer.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 www.7-zip.org udp
DE 49.12.202.237:443 www.7-zip.org tcp
DE 49.12.202.237:443 www.7-zip.org tcp
US 8.8.8.8:53 237.202.12.49.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.110.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.200.35:443 id.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.201.118:443 i.ytimg.com tcp
GB 216.58.201.118:443 i.ytimg.com tcp
GB 216.58.201.118:443 i.ytimg.com tcp
GB 216.58.201.118:443 i.ytimg.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 118.201.58.216.in-addr.arpa udp
GB 142.250.200.46:443 www.youtube.com udp
GB 216.58.201.118:443 i.ytimg.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.2:443 googleads.g.doubleclick.net tcp
GB 216.58.201.102:443 static.doubleclick.net tcp
US 8.8.8.8:53 2.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
GB 172.217.169.2:443 googleads.g.doubleclick.net udp
GB 142.250.200.46:443 www.youtube.com udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
GB 142.250.187.206:443 encrypted-vtbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-vtbn0.gstatic.com tcp
US 8.8.8.8:53 rr2---sn-aigzrnz7.googlevideo.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
GB 74.125.175.199:443 rr2---sn-aigzrnz7.googlevideo.com tcp
GB 74.125.175.199:443 rr2---sn-aigzrnz7.googlevideo.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com tcp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 199.175.125.74.in-addr.arpa udp
US 8.8.8.8:53 84.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.187.193:443 yt3.ggpht.com tcp
GB 142.250.187.193:443 yt3.ggpht.com tcp
GB 142.250.187.193:443 yt3.ggpht.com tcp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 216.58.201.110:443 youtube.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
GB 74.125.175.199:443 rr2---sn-aigzrnz7.googlevideo.com udp
US 8.8.8.8:53 rr2---sn-ntqe6nee.googlevideo.com udp
AU 74.125.109.103:443 rr2---sn-ntqe6nee.googlevideo.com udp
US 8.8.8.8:53 103.109.125.74.in-addr.arpa udp
GB 216.58.201.102:443 static.doubleclick.net udp
AU 74.125.109.103:443 rr2---sn-ntqe6nee.googlevideo.com tcp
AU 74.125.109.103:443 rr2---sn-ntqe6nee.googlevideo.com tcp
GB 216.58.201.110:443 consent.youtube.com udp
GB 142.250.187.193:443 yt3.ggpht.com udp
US 8.8.8.8:53 tinyurl.com udp
US 104.18.111.161:443 tinyurl.com tcp
US 104.18.111.161:443 tinyurl.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 92.123.143.169:80 apps.identrust.com tcp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.113.74:443 www.mediafire.com tcp
US 8.8.8.8:53 169.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 161.111.18.104.in-addr.arpa udp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.200.42:443 ajax.googleapis.com tcp
US 104.16.114.74:443 static.mediafire.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
GB 18.154.84.20:443 cdn.amplitude.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 74.113.16.104.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.114.16.104.in-addr.arpa udp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 20.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 43.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 translate.google.com udp
IT 157.240.203.2:443 connect.facebook.net tcp
GB 172.217.169.78:443 translate.google.com tcp
US 8.8.8.8:53 api.amplitude.com udp
US 52.43.101.88:443 api.amplitude.com tcp
IT 157.240.203.2:443 connect.facebook.net udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
GB 172.217.16.227:443 www.google.co.uk tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 www.facebook.com udp
IT 157.240.203.35:443 www.facebook.com tcp
US 8.8.8.8:53 2.203.240.157.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 88.101.43.52.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 157.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
BE 74.125.71.157:443 stats.g.doubleclick.net udp
GB 172.217.16.227:443 www.google.co.uk udp
US 8.8.8.8:53 35.203.240.157.in-addr.arpa udp
GB 142.250.200.42:443 translate-pa.googleapis.com udp
GB 142.250.200.42:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 btloader.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com tcp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
GB 172.217.169.78:443 translate.google.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.21.63.106:443 www.ezojs.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 104.16.52.110:443 cdn.otnolatrnup.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 g.ezoic.net udp
FR 15.188.219.54:443 g.ezoic.net tcp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.8.8:53 www.mediafiredls.com udp
US 130.211.23.194:443 api.btloader.com udp
US 104.21.87.79:443 go.ezodn.com tcp
US 104.21.87.79:443 go.ezodn.com tcp
US 104.21.87.79:443 go.ezodn.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 104.26.3.173:443 www.mediafiredls.com tcp
US 8.8.8.8:53 g.ezodn.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 104.21.87.79:443 g.ezodn.com udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 106.63.21.104.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 110.52.16.104.in-addr.arpa udp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 54.219.188.15.in-addr.arpa udp
US 8.8.8.8:53 79.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 173.3.26.104.in-addr.arpa udp
US 172.67.142.121:443 g.ezodn.com tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
GB 18.245.143.58:443 tags.crwdcntrl.net tcp
IE 52.50.240.62:443 bcp.crwdcntrl.net tcp
IE 52.16.78.59:443 bcp.crwdcntrl.net tcp
US 172.67.142.121:443 g.ezodn.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 104.16.52.110:443 otnolatrnup.com udp
US 8.8.8.8:53 download2284.mediafire.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 199.91.155.25:443 download2284.mediafire.com tcp
US 199.91.155.25:443 download2284.mediafire.com tcp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 121.142.67.172.in-addr.arpa udp
US 8.8.8.8:53 58.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 62.240.50.52.in-addr.arpa udp
US 8.8.8.8:53 59.78.16.52.in-addr.arpa udp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 25.155.91.199.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 104.16.52.110:80 otnolatrnup.com tcp
US 104.16.52.110:80 otnolatrnup.com tcp
US 8.8.8.8:53 woreppercomming.com udp
GB 18.165.227.64:443 woreppercomming.com tcp
US 8.8.8.8:53 www.chancial.com udp
US 104.21.79.34:443 www.chancial.com tcp
US 8.8.8.8:53 www.opera.com udp
DE 18.198.247.158:443 www.opera.com tcp
US 8.8.8.8:53 64.227.165.18.in-addr.arpa udp
US 8.8.8.8:53 34.79.21.104.in-addr.arpa udp
US 8.8.8.8:53 158.247.198.18.in-addr.arpa udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 match.adsrvr.org udp
FR 15.188.219.54:443 g.ezoic.net tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 79.127.227.46:443 id.a-mx.com tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 46ad3a7f2af575d679ca8899bf6c5fc0.safeframe.googlesyndication.com udp
DE 141.95.33.120:443 id5-sync.com tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
GB 18.245.255.11:443 cdn.prod.uidapi.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 3.33.220.150:443 match.adsrvr.org tcp
US 34.120.133.55:443 api.rlcdn.com tcp
GB 142.250.180.1:443 46ad3a7f2af575d679ca8899bf6c5fc0.safeframe.googlesyndication.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 c3.a-mo.net udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 oajs.openx.net udp
NL 79.127.227.46:443 c3.a-mo.net tcp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
US 34.120.135.53:443 oajs.openx.net tcp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 ghb.adtelligent.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 onetag-sys.com udp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
US 34.120.135.53:443 oajs.openx.net udp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 23.227.151.242:443 ghb.adtelligent.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
DE 18.197.202.95:443 btlr.sharethrough.com tcp
DE 18.197.202.95:443 btlr.sharethrough.com tcp
DE 18.197.202.95:443 btlr.sharethrough.com tcp
DE 18.197.202.95:443 btlr.sharethrough.com tcp
DE 18.197.202.95:443 btlr.sharethrough.com tcp
DE 18.197.202.95:443 btlr.sharethrough.com tcp
GB 108.138.217.61:443 hb.yellowblue.io tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
NL 145.40.97.67:443 prebid.a-mo.net tcp
DE 51.89.9.253:443 onetag-sys.com tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
US 8.8.8.8:53 ghb1.adtelligent.com udp
US 172.64.151.101:443 htlb.casalemedia.com udp
DE 51.89.9.253:443 onetag-sys.com udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 37.62.75.3.in-addr.arpa udp
US 8.8.8.8:53 120.33.95.141.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 11.255.245.18.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
US 8.8.8.8:53 83.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 209.30.22.104.in-addr.arpa udp
US 8.8.8.8:53 61.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 67.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 95.202.197.18.in-addr.arpa udp
US 8.8.8.8:53 253.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 242.151.227.23.in-addr.arpa udp
US 23.227.151.242:443 ghb1.adtelligent.com tcp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 s0.2mdn.net udp
GB 142.250.187.230:443 s0.2mdn.net tcp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 ib.adnxs.com udp
DE 37.252.171.85:443 ib.adnxs.com tcp
GB 172.217.169.66:443 cm.g.doubleclick.net tcp
GB 172.217.169.66:443 cm.g.doubleclick.net tcp
GB 142.250.187.230:443 s0.2mdn.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
GB 142.250.178.2:443 googleads4.g.doubleclick.net tcp
GB 142.250.178.2:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 230.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 85.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
GB 172.217.169.66:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 142.250.180.2:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
NL 142.250.102.84:443 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com tcp
GB 142.250.200.46:443 www.youtube.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.200.46:443 google.com tcp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 4.173.189.20.in-addr.arpa udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 172.217.169.67:443 beacons3.gvt2.com tcp
IN 216.58.200.131:443 beacons2.gvt2.com tcp
GB 172.217.169.67:443 beacons3.gvt2.com udp
IN 216.58.200.131:443 beacons2.gvt2.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
IN 216.58.200.131:443 beacons2.gvt2.com udp
US 8.8.8.8:53 131.200.58.216.in-addr.arpa udp
GB 172.217.169.2:443 googleads.g.doubleclick.net udp
NL 142.250.102.84:443 accounts.google.com udp
GB 142.250.178.14:443 www.youtube.com udp
GB 142.250.200.46:443 google.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com tcp
GB 172.217.16.238:443 clients2.google.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 completedhallweow.xyz udp
US 8.8.8.8:53 bouncedgowp.shop udp
US 104.21.93.198:443 bouncedgowp.shop tcp
US 8.8.8.8:53 198.93.21.104.in-addr.arpa udp
US 104.21.93.198:443 bouncedgowp.shop tcp
US 104.21.93.198:443 bouncedgowp.shop tcp
US 104.21.93.198:443 bouncedgowp.shop tcp
US 104.21.93.198:443 bouncedgowp.shop tcp
US 104.21.93.198:443 bouncedgowp.shop tcp
US 104.21.93.198:443 bouncedgowp.shop tcp
DE 147.45.47.81:80 147.45.47.81 tcp
US 8.8.8.8:53 81.47.45.147.in-addr.arpa udp
US 8.8.8.8:53 pastebin.com udp
US 172.67.19.24:443 pastebin.com tcp
DE 147.45.47.81:80 147.45.47.81 tcp
DE 147.45.47.81:80 147.45.47.81 tcp
US 8.8.8.8:53 24.19.67.172.in-addr.arpa udp
US 8.8.8.8:53 completedhallweow.xyz udp
US 104.21.93.198:443 bouncedgowp.shop tcp
US 104.21.93.198:443 bouncedgowp.shop tcp
US 104.21.93.198:443 bouncedgowp.shop tcp
US 104.21.93.198:443 bouncedgowp.shop tcp
US 104.21.93.198:443 bouncedgowp.shop tcp
US 104.21.93.198:443 bouncedgowp.shop tcp
US 104.21.93.198:443 bouncedgowp.shop tcp
DE 147.45.47.81:80 147.45.47.81 tcp

Files

\??\pipe\crashpad_1280_XVIRHBDGCIWLENJO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 151fb811968eaf8efb840908b89dc9d4
SHA1 7ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA512 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 207c74d00dde97f745578ef202e56038
SHA1 ccfd142508ddd43e34c4aef90058b5ed17c08367
SHA256 ee06a4a66c6c34beab3f0d00bc142fd67b8baf24f52a566ecc9e1d582b6529ff
SHA512 fa8d773a50cee6d5a71e9cd4f52a8eeb8e7db8ae45469e784c356671f90b5f8db481b0235e4dd7cf8a2a431bf56ecd045125520dca7867f1c19066679fc48937

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1fe2f348272826fe12d8a02c8aef7451
SHA1 32e2a8c76f7db4e584d82fce8a5d7af9ff01e2b7
SHA256 3921780819fb0ac60849a151277bd64fc07d6a8cd7e4619f8e704f9970f49d79
SHA512 fd9672b9b95ffc361cf7b7ace84f05c37743b915116b958603628aeff6a94b0e491424538b7a16662bfbbeedb0e4c7ddac81122881fd87058c9ba48f17849fe8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 25aa067febb5d4cb94915cfd0c5333ba
SHA1 edf0c1c179517230e3d992299e7039ef38b5c368
SHA256 9ab35eca2f8f25b2ad3fc8c2cdf24afbe2239fc10667e13ee65473003d413407
SHA512 1c50e3ef5d10260c851cd6b2c5bb8d43bcd70f9175a757d29732aaf38b007eef5ab2da70e7382f0ffd2076389bce5c4517a972d208d0c71bb0e691b8edae10d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 574172b84628d7abaae86f14b7bfc0d2
SHA1 ae621ba2b903e8d2e6104c64473fda79b448eedf
SHA256 87024c0d249ff15f1dd7a4950c10906848aae26a1952b06a1c8832fe21de6284
SHA512 513a726f1a9b8a84e4e49eb83faafc4280cb7f52e70c8eaa80f1bdd80cc1f319c7557dda5bd83b488d3c0cb3447fef3fea41f1f7f936c339688392c86cb0c57b

C:\Users\Admin\Downloads\Unconfirmed 470433.crdownload

MD5 f1320bd826092e99fcec85cc96a29791
SHA1 c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed
SHA256 ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba
SHA512 c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dd8de94c8954f35170cad0fcd26060af
SHA1 150d3b94d486e7475f5e7220d078bc427846be87
SHA256 089e9830d879b827896c5e1fb8ba02e41f57ff67995ebd5a1c03a71a4d09e702
SHA512 d324a9e8d24e23ed10491dd38186dc3139b1ab96068d7cbeb20a725edd27543cb4fc46fa41e98b298cb845ea6d49277dcfd4ffbd564d1193b6ae5b76c5e8080e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 07464c93c47208fcf12224f669783f8f
SHA1 c14238105f5b5537d4669fc4a56653f6d26bdfbb
SHA256 aeba54fc449f579e2466043824e02eb46d661c68db7f90a88e4ddbdaaf65efa1
SHA512 d473e50ee4186732f0e144fb1ef845d058bdc18786a16e441bd6404f9aec51ea58c13b05025c6480bc3bab7c567ae249b991469b616de6a9512fddc356ead9c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 06a9d531b9dc3066b4d830b79b56e801
SHA1 fd92dff4f8f86d5ef891f7cec52347d13333188e
SHA256 1ef9e6e1218968285ab9f517403fd91c826b6343fce1cb9b191be0fe65f8d345
SHA512 fd2c6f8cc7582f55fe6052d9b1b94822353fb6187695f207227b220d0023a55e8b598915be8b8cae5be080296e8ecf7c0467612cbaa67d66068e3d6d9eb242ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5805d7.TMP

MD5 8ca61a9015bd36106b22052e0025814e
SHA1 45342a0fcd5049e74ca2fb63715aa1ab1d5bc8db
SHA256 51ce88c288b9211db1843bdba039edc9578b978aedfb7812c924c6987972567c
SHA512 7f1733459807e11ea45c37804ea5c10e9d4d85eb25fb84a9310b83c8101bf7d38b6fa3f3fcea2dcffd03252d28164b7e78671e5a7e5e9b688c53825caf9988f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eaaa6e1887f97002f4ce915943fb60d5
SHA1 91c331a4d6377ae274112204ebc55aca254cdadb
SHA256 42da38e1f61859bd504e72b7e580d5a9be7c32cb4581ddefe722fc010ac69817
SHA512 2c3d522cf72144658c7fcd7b3fe00b758d32a76a853db6ec03904fdcdc720ee252ceb4cb375e3fab70bd9a9f83b16b5d37716ec7ff0b20337ce7356c906c116c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 62237aa252521ea2ea2a9334ee8a0586
SHA1 8c91e2fb178385d40fb64d2d495f69eaaa0aa76c
SHA256 db65cbe4f3a550efffa15e7c6c34871a5f948ff4aa971f0ac9d60ea9ce19a842
SHA512 1a7b165309f7ef80d3aa100483a8167aa083b04566afa877724026a7b53875fefef8fdf608f1cf2793da41b891d6987d80ae1ec0b02872929eae473e96984338

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58240d.TMP

MD5 ed6a50e7604c2a56dd0d4ba050a91e0e
SHA1 3681deb47108dad6528a5e38b59776cb2aae2d19
SHA256 5c7e656ffd200454548212de7feb728acbb600f978b893495920dc47845fecbe
SHA512 7f87b98b2865a7b62d9c1c3e12903915e1406889e96d0e7f28076a0b8788874ddc05fe6e5be4ff5993dea92c00d5cc9109e5a91ee61628231504ed18f99b9348

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 dc035ef8e84f1527449f76c1f975d548
SHA1 8af3b5445c4581858961623025da886802bbfacf
SHA256 fc94447c6550d0967ca18556bd68d1ac03a033316ae7aec5a7d91785dcb380e2
SHA512 a8d45c0c9192405c1d3e61ffd70a655278ea1445ecc0963585e922070262eee820a4425ec76c5e1e40726e26c1d9559558ff873a0ef5ed4dcca5d81106c0732d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 78f5afc18020bd32d2b544e0b4e3d19d
SHA1 9638545b698d6974dee1e39cb0471b3bbeb03230
SHA256 d606e6381012e9e8b0bba728afec23a01b90cdc2453246f0fed3a68a680fa385
SHA512 0349da1a2bb739a41205daaf3b9f6949971ec8de03b931bdc9c7f5b12bd96feda5a48c3e99ab728397f0af8332278302fbd9aec39ed6811d0eecad7e805476fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 fc61bb0dfc0b4b71b39a7e82f1f44b0d
SHA1 3d550835be50b3e94d4ba7f8cda5ce4c9ffca4a2
SHA256 d432e591248c83376f603e6addf4661450e62cefa284167211c99ddfb380eb38
SHA512 b15751c13515be4bf437b7661578ba322ad9308ebaf50c9401616967593f486156184e72926929865884e4d52c3333fd7c4b07d0cbc909242db17a84547b11d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2f7bea0210b79683ff825102aa1a97ad
SHA1 259a3b84f987e5db20dea0314cd637200da4e534
SHA256 23bb41168ecc54ebc7871a3fd6b97fdfa31e31d3ee47d6c802e8f9aa57cc8908
SHA512 6db023fb6f2b2463ebe494960de35d5904162ea8a36328498b214c5f127039bd0d092e8a1afd67239149fce7167476af4b61508217d57823d78bc1f1ba18fead

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 127b7a9f7009939d0ae5dd1a48386985
SHA1 f9e981f2fbc6df7e304803153fb6fe40f0dcb6ac
SHA256 9d8e3219c036313e8b27ecb7b91befc49de6a32352a5349656945a7525a89962
SHA512 b1a442d78f6adc7a67f8ee299d46817309798ff2a38a66af2ff03eaa276b3a7967fde34e801dc8488ed75b3110fd01b3a9763f792ce75e21fae190d4779c1287

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3f2e3dbd38a6f035189598baab701970
SHA1 cbb71860c91b318743b3d255e838103baa150d6a
SHA256 23c61e706ea93104db3a7ab0b94ded2ea994dc778461d3e0115a5ec510386511
SHA512 b8da4cf7320a22216c6806d036184a226dd2057c433948c32b57c799dd1596ed4b1396c857a93344c01b3dd94e61aa512e4264f52cb6a20fabfb64a9cc9b7a91

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1280_673865800\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7b51d82f-d516-4265-93b4-7430852008d3\index-dir\the-real-index

MD5 837f8823f23717edd2b514d2deceb8e3
SHA1 7561d0418acb960da6dbf536ee074c24b3abc4de
SHA256 57443cba0e3c14310f4106114037dad4217019f507e82e6e870b6a566856f7b5
SHA512 368bc23ba3d197f0ee3feb0596df74fec35ae21ae42ef51c72e1d46a0fe94c568356ad31ee9570c7c756a7584f58162951aa7f9adcc94fd47d3636743c031d8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7b51d82f-d516-4265-93b4-7430852008d3\index-dir\the-real-index~RFe583989.TMP

MD5 5a31cf8f895179e7a20487c9951bbc9e
SHA1 3842e2b71c7069226f9766061c2febef9f3d6923
SHA256 6e58ba4afbf7d937d6de7eafd4584af73bd19ad8ac3e703286af7db10c449739
SHA512 7ea7fb1bb977d0f3619d3caed3fd0d6a3ca1d8b6d81d9a49abcf5e4f68fa78baa0b71afddccf3e891945eb6b3f4f7ed13bc0f597cb72b9e50d8feebf8cf1819f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 cd3756106418d9e83a2baff9904ba221
SHA1 4c2ed1c1ebe119027db0fbaf7a64b408f1779b4a
SHA256 57ec0895e1bcaf08c769e2d6872f3f3657972f87fac081063445213dae4541ee
SHA512 5bf43ccaaf99505f7e8ecf2eda18efe260125accbc12f655601e2acabd822513e153f4b81cbf03a65d13572f11e9f13fd471006a0ce8f2665e8a594ff2d769dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7b51d82f-d516-4265-93b4-7430852008d3\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 70656fe3ca9bea5007b0fc4420b378a7
SHA1 aa82c73bc24ad40f8ae2b61fc2ab8154fe81545a
SHA256 aef583112d67dfe5878b8e483c9d89a1004753d9cd112b2e3d0a68ed013dc2cb
SHA512 c6e5a6dd9fd07f7abfdb5a6a629e55110ddf1c9265ad88a314175ce95f54bf6b32a93a0c837df7e652d55a2259685ec1660109fba1f83778e914e10e50320fbc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 46483c9771749c97e4112d56f5fb0df8
SHA1 a9ed6207ceca540a3722c09f87ea60ca5d5f1d62
SHA256 36f74ab4ff65d80a809e524d34b5ba537bdf27255ceb545fb65159491eb69055
SHA512 e28927ee92c73a33b75820b7fff785199bbf4e7ab774e04fd54ccc01a18b0b60baa6f81317285efa31998167c19d6abfedfb15524b9a08767d6536edf7e169ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 50c2f04671e49212197f8cb99bf697a7
SHA1 760b409ad6a8beba6548278b853f5204251622cf
SHA256 8dfeeb51b82d98f37d8f3c12087873ec9b34e4aba1a81dbd2b50682ee603cfe0
SHA512 f9deaf62b88b815da929ee1e832f80c17d5ddb8deb1565574e1a4d4b05552b45294dc049f7256584a8c18bcb8677b6d2f408b27b5bec109f4ddfd3aaf5384e4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 83e6cce817ae985ec4eb541df8be517e
SHA1 6ba63184bf67ed3f0f95c679d41d21bb5bf89a81
SHA256 b1fc27562d8e3aeb5acd4194cd23b753162600a971abf484ad9f71a013e91cfc
SHA512 c0a668554481542a65ee7f0665bec607d7b95360f0cf8c54cf4106064f1e6eeeae7d2a95c09e08d001f98e001d2ae15cdb8410b0c706f9892698b3df306c0bee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1f1f2e3c86bc1d94f31991f516ef5f4a
SHA1 8a8cf94cbbf31543c90000b6507ef189abe2e749
SHA256 97940d922f80246b8a87f5bc227225e483004c8aae13ae43c74474d11266b8b2
SHA512 3aff271be93efc79a068259860b57bca7dd3c8c4237e6d4fc75d8523572a1589e535c74307b443d14f2979df017784ee1013b693f2acd8306cee053bfc58d640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 e09df5a23acd241007ec35851474a7f9
SHA1 9802085247211e3c82c5e6fefc003e7c1f21227d
SHA256 846921a45a6d2203548059f9b22a5a5513105e43098da955bf402e681020bf56
SHA512 765b7cfa03aa7d750a18ad63c072c069329f4a7f7a594051c01700934497533ad07dc503c8b3892d5ac97f14b8b85a6f4868c7e5a1a4d2e40a7ae4f7514d1009

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 c0637a08f2ba40c56260782d2bb3ace4
SHA1 a2bf4298414a764ff1342b3f48f45b4dc1669a96
SHA256 d6ab12688ec8cfe7f9235b18c7d7a4730d86278ba1efae0d715c0d054465781e
SHA512 736d1ac8987102028baef59d43ceb2fde71b3aab2f8f2d8d306846a457e2ac224908968ff7bfe34bb05beb7998223d393244cf5da84f9d64f8b71c9f0b2ca6e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 af5bf693b92c0d2c8441b3a6640c4ad8
SHA1 12ed4ac73239e542ab8d7fa191dddc779808e202
SHA256 b9f2c3f2ec75955d96309f759eaf9fb6bf576c238377491dbb92de1768a26012
SHA512 c2ef099832fc5e8f1e67acbd550b0590c0fb5c291761280a2e74e6a97763906b9c0c1a2295f285462ba3a0ed7cd5658f296e5f0f9c5d11a97ba210f352f8a438

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 28b166c53235ba31953f772e3fdfa11e
SHA1 32f29f6e6d44f427b6eb4c0ec7ec57718f888ccb
SHA256 41c669c4367e5f76d37185c45d8c0756f201bc4ee73a578c1e48aba2f6ca828b
SHA512 4650de471c7068e4be68d160aaced6f28ac5a54911dfff3ab481448247c2c4e1d6dca896195dd48bad8410af61e055f0a346e3971ec21ca6335e3484e66a70dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 daeeb8db0d7d67665e7c30c812fb44d5
SHA1 733ca5cc606a6bac044a3cd8e823cbfce5db8a8a
SHA256 cdf11394ff3180eced054ea01d7d72803e49c180b538fa7257004c64160fa27c
SHA512 668c6cf82ee8cdff2aa6d421ef3d1fb74400300a7171a44c7ac13d457a33603ebdc99b1e65bdce36d595769804c59b15b0a595beb7818b07db0a7e1c3d1ad51a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d97820c894338b62ece249d1b3a3e33f
SHA1 07b94dce3986a8caf58aea2a98e8bab117415db3
SHA256 f753c10e3cee2e68a87f08e4bb87d4f5531f52825d00a7abeabe5a4e9cc5b917
SHA512 77812a6c52853f8a52dedeb01b36a08e7dd7ff0092598b6d38680fbd5a06ab60d4d43ac9c2663538570091613371fdb9e19c97bbd6973afb9d12e15b64e33309

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 675cb66bf44402292c9f513e881cfb31
SHA1 d386b8b985974dbcc333a5b4c4d6b249a7ba649a
SHA256 d34eda46ca4c4455ea9ab8434b3306eabebe0fe1eb4742d10d0d7e3294e31025
SHA512 9891cdfc97ffdb629392f22423daa9026265bf38db0728263a3ce41e2357a25e50577cf81ca79570915dd0fe4e43facdfd97b3165e3fdd80b4d6d3c910aa4c06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 510e606763439b944bb60372cda2f2f3
SHA1 d54246ea737e70d1a62cbc035e9447fe575c6e48
SHA256 ac8efa245597596a101fe5d0c27a6dedcce80e22360105f9c79f7d937842c6bd
SHA512 4cab693d46b9aa0440fea2104b2729167e80c2a968ac1856cc68a49cc6796b9636e40b633dd05035e71bd0d1e7f4282bb5e0c759a5dde58ee061e264a3d88407

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 919c013bc435691e83bd74dc4011f259
SHA1 0e6b1bbf074f55ada01a0879aeeb92d488a11459
SHA256 af25acb6dd48273df1f6a543fa7d746c3d8e1eb19935434d14c0748f36c79914
SHA512 b80b79082c8fcdc18eab00bed608edcf4dad6ab748751e7a132c537e72c837bdd2271feb83da8a5cbd9fc3eca5a615e1bac9a3f2fac4c14325183a1bb8838767

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589035.TMP

MD5 87e22e600705132f865da8b8084ee2f3
SHA1 bdd447b05ccf25d87695fd27fe0736240462bb76
SHA256 e98f8381b449ad70c317354ab6fcb6787f4746923effa1eca96182a580ce8927
SHA512 9614b0a0864a8c54a763219c5adae6039a14e696af179574de15b06fa86b4cddca76be24c58d5659ad6a9e60f9c3f890eeb3c23f022becfe08eac4e8b0b4e620

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 1a007201f7057d45e77da4d58646fd33
SHA1 2cef93fdaa7031376761dc859b762c919f9a683c
SHA256 e61f7e6434e21723b819958b9b2667452caf872042fc75aaccaaca0b83e5479e
SHA512 8c6a78ebadae8c9f666718d3fa93070723c66e6c6b3476e598a277b5f3ae2381400504d96f962f18bdd1dc960f89829d087d8a66cdfe477391ccfcee6ae6a85b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1aa9b3ff242ced4708800ebfbd76911d
SHA1 6ec004005c84ce4fa9471e6b87a3540f98641e1b
SHA256 c44091abedf635819aea3b08ef06ee823bf34ba7a1ec105254243dfa1ed7d34f
SHA512 364ccb63d7b59f2dee30a5f457bdf0ef276b2b62f1dcb4ac05d190d8744a4b09442cf813aeaee82f63cfa05c672e6d9c5ba5034808ad0d5bdd80d57a930ed783

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 119b1cff70ad33591bf424a3dc2e4e44
SHA1 cde562dbc56922a40ad09e4b7c68e4a59da638b5
SHA256 64eeaa110fd4d5b5f37da344ac7b6a2d5c55c4cdeb2fd2ef7c498fbc4f38381c
SHA512 a643277ddeb0bc0160f8582c0e940ac92a925d8afb792ca898a9de5d0024c62d41cb73dc45287f3bfc7b8080e5b2344771bd97989618608899c929731266c2f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\05136a26-9310-482f-b6aa-d581a257b03b\index-dir\the-real-index~RFe589bed.TMP

MD5 e0f22f78275801e1d8992b8aae6878f3
SHA1 04c5e81fc09f41df0e87fd2544eed8049be2a005
SHA256 1b2b0e612518d1aa58693a07b998ab28982a5e9ae9eb15e9e39f2dabd5c23263
SHA512 708b6d70804d6e1905a7239318cc11915c456743830433d5736a799a3baa2e8ad12e3093afb19fd43f47de6ed3f4d232a93932f6a1e18e07db024765663c55e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\05136a26-9310-482f-b6aa-d581a257b03b\index-dir\the-real-index

MD5 bf3c132f763e844b6e2dce8762eaad43
SHA1 fbac683411ea33ca77d580175a3494ea9f44dd99
SHA256 bc05ef6ba25c777cb44041385bc10ab549f533dc4bd6f5d9819b31d2393c3827
SHA512 22be5454af1fd016c5e270b5b0dadac62da850f7e06887b7e74b5ce17b17a0aabdaa4abc2738eafd0837707604318234b0456289bcdd974265bcf3dc40bb0088

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e7b5df4109426689cddd4b6bf3468746
SHA1 06cdb29a6ea6c1a5cc72c5576b75a972aa845553
SHA256 fd4d56786700a545c31430185a4bf5f56382f62f53d08f2c757d66a2bcfce070
SHA512 7fa50a9cede851e66400dbad53bc20d04cf3c77591a322ce93acfaf2ea09f2bb917deefbbf55767af4ed308043e03690b754d29dabb2da8e23037bc3a9a74aeb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 14a0786ae496e490e557c521c9e41798
SHA1 89a2d216e5a29105342928228d2f377c9cb88a0d
SHA256 96d0e16733f0617e9a59f320614bdec37d75b02138e0819f292a0df158f40bde
SHA512 186e0e86d8129184764654d7ada993100c95abd2497ef25e2d17c59c2b897cab17143196fa60c7ab8559d4ea1292bedd81bc960b2fc8603564f110838eb5231c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 2a0541e3cd0884d22ef62ada2444edaf
SHA1 9eb53b176b8ffd4b462b4060f56c2c394b47fae2
SHA256 bc0c84720df8f75a831ae3a395e0cb58267fe81ceb09ba56589f4f85b5dec160
SHA512 84de6886d633d35d57534d4dc331b3533bdc5f861f1b8d57c9e4596115ea1d61dd6e6dbb6e6e17912fd19123724d4bb58d9add2dd0c2117fc0d8ad7a2f6259f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\14fa9e25-a557-4f72-a35e-4aa3387c1a06\index-dir\the-real-index~RFe58dd8a.TMP

MD5 ad89ac5decf3ab8a1424525622bd959b
SHA1 595fb97950c5fb7e0c072ed1e5250dcf727531b9
SHA256 e66e344b50266e5ad321145aacb9f412dbc7aa76db60aa4c5457edb01c7603e7
SHA512 1779420ce2d8319dc647f7f0f7087f8cdc0fec7ced354ccc7b01b5d3f1787abeaa8118a8a805166076050ce90bf76769680cae520a59ab5a611f6c01c777a501

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\14fa9e25-a557-4f72-a35e-4aa3387c1a06\index-dir\the-real-index

MD5 33cf4bda37e462b62eb2aae3baea0fbd
SHA1 3e8bca5b0499bf599c6217ca933deefd8d71584f
SHA256 6f3a56e45e2a9e8363f050afdcf7fb3414ba9603b67321e797c91eccfbfeea74
SHA512 62995ff338d069694918829046515de98640a1e76bdf1e8cc856cd00e0602d625ac77c2f466a5ff8bcaeac5f264944f2151e1a817039c90c38fd23534700d586

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 60a72069c6b23d96aa934b7041dab181
SHA1 ae988d09a66c823be444eee74237ac3ee4f9e649
SHA256 cadf497b0d37b734219efd377ed3a5f519b175571cde49471bd94e943f184e8d
SHA512 66464a192a06560200d0c4a4fa8d86e96dc8e15d638fa981ed1abd16eb1fe136d3b3102d8f5b5449a667108febf258107742b6ea2148853d2e30f2a9ddbbd680

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5a7356dfb822ffb462e9decda0ce76d1
SHA1 08314d8ee25014c8b5060cd30350429c16ca3f9a
SHA256 1b49127c86f9d120708c6697d41909bb508e9c11cef57d277450540641d8892f
SHA512 ef27a760cce24f4e4bfe88cd99aded9dded7c4c06a43c4416f2fe515fc25145814695f5f1fc1252315ed37ff4178648c9172afe97ecaa3cd0856fd6958a25472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8e3c132f6d74a640cb076f2064b5823d
SHA1 4de57cc5a983738803409ea00497af4b75631a39
SHA256 c91f18847242ec94fba124a24af56fccf2366d7d71ef1b2101836a45586f62a5
SHA512 2b63d8a47fad5627fe4493d2ad13210f9f495a106ade10f1a0404c91c3be3789ada275fbfc95d835b5f57ba4c33057aa8b942676cd6c47282812823e8bb0e60e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b3bcacd0e670c98dcde8d4b52ad8bf7b
SHA1 a7037e03e03df2c7e8e91028edbf15b6526efb8b
SHA256 dd058e8318c3bab46a9e760dcf4a891488df72f5bde211fb7ad797c63719b6cb
SHA512 6f58a5199d676b298d3045ff6f4f7f98ac86a027630f6e2f9afab1783fdf0ddf03e91b1d05358cb1bcd793badabc192d5c643323282f4221a7008ea4798d655f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 268c0d198d8aa69f5e627899fe77c0cb
SHA1 eead79e582dfeb5b02c9f0a758c19f65c008ce98
SHA256 1b9c852806f69bca8c1d9bff59cb0dc7bbb93e1b3358c0ecec23a41a01035f4f
SHA512 237053223b5e6b1034891398fafb6a45e8fe3e41cd3048ec77d9c8c4b29af96aad7afa35ee6b185dde76306b315e878d6d9f028b73bf3c86cc8392983e81754e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8a6d569957844d49c7cc9547e582bb58
SHA1 8126f872767475d462b5a2147fe03a5cb3d84f0f
SHA256 1abc21fed2248621806b519ef69a96823b946dbf7e953c7e600ff57ba5808baf
SHA512 a7d5262ed9e2e4dc5f15450617f88491ff04ba8471342672aee02a137f163673be48f1cdee1d2e5a49a9de6f8143082e1b90fd6a1651b364ae8e56aa360c550d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d05099f7af424a64757cc1d08de70766
SHA1 eb91685de3553f49773a39ebe944045e429d83f6
SHA256 15c70893bbf6b342d15a1847d7954dee27b6e60e65556352849c8e4f48e06202
SHA512 12aabe6908ae50564a5588d797552f96fc5f28c018fc91bdabde6202ae259b50d99cc2de1b6a7b5fb6a8a94255b574b89865ce80d64a4cc35c70d1c6cc1b62f7

\Program Files\7-Zip\7-zip.dll

MD5 8af282b10fd825dc83d827c1d8d23b53
SHA1 17c08d9ad0fb1537c7e6cb125ec0acbc72f2b355
SHA256 1c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca
SHA512 cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 2768a5426f55c020eec2466c723fe0c2
SHA1 7a2634340833047092b95f3d2bde8b4146a98afb
SHA256 bca62e0abcfc03483608d383555879b1195cf442643197972827eba6fc450dc4
SHA512 7f10b7401c937807d21ebcfcc100757457b6f1731d7b652873b2a26ee3dbac8621bfd16d14bc2e5768e5f75c56826ae61b22c6aa0e98bbef00bdb755733c1369

C:\Program Files\7-Zip\7zFM.exe

MD5 79e8ca28aef2f3b1f1484430702b24e1
SHA1 76087153a547ce3f03f5b9de217c9b4b11d12f22
SHA256 5bc65256b92316f7792e27b0111e208aa6c27628a79a1dec238a4ad1cc9530f7
SHA512 b8426b44260a3adcbeaa38c5647e09a891a952774ecd3e6a1b971aef0e4c00d0f2a2def9965ee75be6c6494c3b4e3a84ce28572e376d6c82db0b53ccbbdb1438

C:\Program Files\7-Zip\7z.dll

MD5 0009bd5e13766d11a23289734b383cbe
SHA1 913784502be52ce33078d75b97a1c1396414cf44
SHA256 3691adcefc6da67eedd02a1b1fc7a21894afd83ecf1b6216d303ed55a5f8d129
SHA512 d92cd55fcef5b15975c741f645f9c3cc53ae7cd5dffd5d5745adecf098b9957e8ed379e50f3d0855d54598e950b2dbf79094da70d94dfd7fc40bda7163a09b2b

memory/1292-1842-0x00007FF6D8E30000-0x00007FF6D995D000-memory.dmp

memory/4948-1843-0x0000000000580000-0x00000000005D6000-memory.dmp

memory/4948-1845-0x0000000000580000-0x00000000005D6000-memory.dmp

memory/1292-1844-0x00007FF6D8E30000-0x00007FF6D995D000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 923d82892bbfce310e0a9cd95f8273b5
SHA1 4ad97c743c36aa99d78a1f2f94a68c0c711a3adc
SHA256 39ef9f417ff0acdc3c07969022f34b9d32949c1e3dc08eff96305aba85c90c04
SHA512 d662a03465aa29b54b95b6424cc8765ff78ce9e38a1c2963c2368bb2968dc48f2790d5513d207b5a8b56b6087e99372d14b308c3907c594cbcc56f1407c35954

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

MD5 203b0c9ac8fa8e0182ab93256f0ca9fb
SHA1 ebc596ee679a3e2190fc191469153e030038596e
SHA256 ba60baffd78b1f2422b4e7dc14963fcaf04fff89864649e910a105f8c8371f31
SHA512 04da576f4fd7ccdf8585b64774b022b1a4ba7b988f59894186140b6634d0af20d521829fdf63604211f9149ba17d1cc3040852d0f53876eccf136c85c65377d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

MD5 51e6a3d7c6f602712c0507bd982aa53e
SHA1 8826e627c241bce1aeaf6811d513baf1ceb39d47
SHA256 ded5edb7984ca4e03b686c0aa6a7960594c9ac31f8056149fd1bf2dbf195b1a1
SHA512 720996570825b061547a8f8d01f3618188309a8bd83248e5b18ff5621eddb18374eca0330e5d7fc7e242488239372c518123fca3ee6aee7868218006e087ab1a

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

MD5 619f7135621b50fd1900ff24aade1524
SHA1 6c7ea8bbd435163ae3945cbef30ef6b9872a4591
SHA256 344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2
SHA512 2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

memory/5828-1898-0x0000000000A30000-0x0000000000A3C000-memory.dmp

memory/5828-1899-0x0000000005770000-0x0000000005C6E000-memory.dmp

memory/5828-1900-0x0000000005310000-0x00000000053A2000-memory.dmp

memory/5828-1901-0x0000000005290000-0x000000000529A000-memory.dmp

memory/5828-1902-0x0000000005470000-0x00000000054D6000-memory.dmp

memory/5300-1905-0x00000000072E0000-0x0000000007316000-memory.dmp

memory/5300-1906-0x00000000079B0000-0x0000000007FD8000-memory.dmp

memory/5300-1907-0x0000000007900000-0x0000000007922000-memory.dmp

memory/5300-1908-0x00000000080D0000-0x0000000008136000-memory.dmp

memory/5300-1909-0x0000000008400000-0x0000000008750000-memory.dmp

memory/5300-1910-0x0000000008340000-0x000000000835C000-memory.dmp

memory/5300-1911-0x0000000008BB0000-0x0000000008BFB000-memory.dmp

memory/5300-1912-0x0000000008AA0000-0x0000000008B16000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2s10wuns.0d2.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/5300-1929-0x0000000009B60000-0x0000000009B93000-memory.dmp

memory/5300-1930-0x000000006F310000-0x000000006F35B000-memory.dmp

memory/5300-1931-0x0000000009B40000-0x0000000009B5E000-memory.dmp

memory/5300-1936-0x0000000009CE0000-0x0000000009D85000-memory.dmp

memory/5300-1937-0x0000000009EA0000-0x0000000009F34000-memory.dmp

memory/5300-2133-0x0000000009E40000-0x0000000009E5A000-memory.dmp

memory/5300-2138-0x0000000009E30000-0x0000000009E38000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8f929927d0e7e1e287ce2fc2f02f6020
SHA1 e9fab08285ed4aba77fe6960774380a0a67704f7
SHA256 9c26a63979331dd7b9e49b8c8cdf236e3d3174b187d03361bc8108abc7f07b3c
SHA512 0885f99f5b3fccc910f57c77ad686d3927f11ef8957db2af51d3df7e499d55a2d32c4fae986913984ca890e7a463f10c6a2d7e8dbc30e74ed29e60d7c683ff35

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0f6a1cc309f7f5d733bd647db3051df1
SHA1 12f884ebc3782fdab2ac55613d3411f2cbc1ee70
SHA256 f594186d7cfc3656057985269caf63fc2d378519f1ea6ced2abda9a2ce1e5c9b
SHA512 ca929e53101aaa72d71807e05877bc444f2ac22d3f8ec3859fce33caab8dcfd6b31dd3d83baf751f8ddb2cdd6a383354331f42de83718e49d5e9ddc20edb3d4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 09aa9cecc64b55e68e7dd951da9a15a2
SHA1 177f32a32a93b74fc225532c14b9c40fe0ffc241
SHA256 3c58ff2fb834ccd154a1e8892b30c55f4ab7f386a7e5987a6c998edbf41c78d4
SHA512 0d3bff1bc138b19d8089c4aba0a6c2c934bb9774fe485295dd3f0c2fc43e7fb04135608eec684d0d72dcf337f0ba66ddd45754f2938a50219b93edf49a25d951

memory/2248-2265-0x0000000001000000-0x0000000001056000-memory.dmp

memory/2248-2267-0x0000000001000000-0x0000000001056000-memory.dmp

memory/4788-2266-0x00007FF6D8E30000-0x00007FF6D995D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\main\main.bat

MD5 893874465a8d9f68f0684fd61e9f1d3c
SHA1 866a58255ebab05d4ee2f2ed8383a6555ac1df03
SHA256 e0855b82ec99b14bdfa38dacf90dadb2071e0d413c6559c752e0b2c6e8cd08c0
SHA512 1cc878a3236a5ce4f3a89fae580b4d16a7842fd03dfe0a2c7d1d5da5be822528ea3826f659a70de727c9307fb15997f56b7204582043dc7efcc6c818f7aa2bd7