Malware Analysis Report

2025-01-22 09:18

Sample ID: 240707-re7vsatekj

Target sample SHA256: be4b1f18e4ac79c4768f01cac488759bdc3d9267c20419e0d897cfadf2fa8e00

Tags: redline infostealer spyware

Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: be4b1f18e4ac79c4768f01cac488759bdc3d9267c20419e0d897cfadf2fa8e00

Threat Level: Known bad

The file sample was found to be: Known bad.

Malicious Activity Summary

redline infostealer spyware

RedLine

RedLine payload

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

Drops file in Windows directory

Program crash

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-07-07 14:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-07-07 14:07

Reported: 2024-07-07 14:13

Platform: win10-20240404-en

Max time kernel: 299s

Max time network: 301s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\sample.html"

Signatures

RedLine

infostealer redline

RedLine payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | mediafire.com | N/A | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies Internet Explorer settings

adware spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133648348952956526" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ebd3231877d0da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 86019c1a77d0da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{4628937F-4ABE-45D5-8D3C-413511DAA679} = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3292 wrote to memory of 2940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3292 wrote to memory of 60 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3292 wrote to memory of 4756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3292 wrote to memory of 3100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\sample.html"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff841c49758,0x7ff841c49768,0x7ff841c49778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1816 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4956 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2952 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5472 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=960 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3344 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5776 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5716 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3692 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3624 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3136 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5080 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4412 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4904 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Gotham\" -ad -an -ai#7zMap8449:74:7zEvent2618

C:\Users\Admin\Downloads\Gotham\6atManV1.exe

"C:\Users\Admin\Downloads\Gotham\6atManV1.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\Downloads\Gotham\6atManV2.exe

"C:\Users\Admin\Downloads\Gotham\6atManV2.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 992

C:\Users\Admin\Downloads\Gotham\6atManV1.exe

"C:\Users\Admin\Downloads\Gotham\6atManV1.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\Downloads\Gotham\6atManV2.exe

"C:\Users\Admin\Downloads\Gotham\6atManV2.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 964

C:\Users\Admin\Downloads\Gotham\6atManV2.exe

"C:\Users\Admin\Downloads\Gotham\6atManV2.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff841c49758,0x7ff841c49768,0x7ff841c49778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4444 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 52.111.229.48:443 tcp
US 8.8.8.8:53 mediafire.com udp
US 104.16.113.74:443 mediafire.com tcp
US 104.16.113.74:443 mediafire.com tcp
US 8.8.8.8:53 74.113.16.104.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.114.74:443 www.mediafire.com udp
US 8.8.8.8:53 74.114.16.104.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 static.mediafire.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 142.250.178.10:443 ajax.googleapis.com tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 translate.google.com udp
GB 172.217.169.46:443 translate.google.com tcp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
GB 172.217.169.46:443 translate.google.com tcp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
GB 216.58.204.74:443 translate.googleapis.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.42:443 content-autofill.googleapis.com tcp
GB 216.58.204.74:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
US 104.16.114.74:443 static.mediafire.com udp
US 8.8.8.8:53 214.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
GB 172.217.169.46:443 translate.google.com udp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 104.22.75.216:443 btloader.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 172.67.170.144:443 www.ezojs.com tcp
DE 18.154.63.122:443 cdn.amplitude.com tcp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 104.16.53.110:443 cdn.otnolatrnup.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
GB 172.217.169.42:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 www.mediafiredls.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 104.26.2.173:443 www.mediafiredls.com tcp
US 8.8.8.8:53 g.ezoic.net udp
US 130.211.23.194:443 api.btloader.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
FR 35.181.89.222:443 g.ezoic.net tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 216.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 122.63.154.18.in-addr.arpa udp
US 8.8.8.8:53 110.53.16.104.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 144.170.67.172.in-addr.arpa udp
US 8.8.8.8:53 7.4.157.108.in-addr.arpa udp
US 8.8.8.8:53 173.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 222.89.181.35.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 go.ezodn.com udp
US 104.21.87.79:443 go.ezodn.com tcp
US 104.21.87.79:443 go.ezodn.com tcp
US 104.21.87.79:443 go.ezodn.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 api.amplitude.com udp
US 35.167.39.135:443 api.amplitude.com tcp
US 104.21.87.79:443 go.ezodn.com udp
US 8.8.8.8:53 g.ezodn.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net tcp
GB 216.58.204.74:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
DE 18.173.233.10:443 tags.crwdcntrl.net tcp
IE 108.128.111.241:443 bcp.crwdcntrl.net tcp
IE 52.16.78.59:443 bcp.crwdcntrl.net tcp
US 104.16.52.110:443 otnolatrnup.com udp
US 8.8.8.8:53 download2363.mediafire.com udp
US 8.8.8.8:53 79.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 199.91.155.104:443 download2363.mediafire.com tcp
US 199.91.155.104:443 download2363.mediafire.com tcp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 135.39.167.35.in-addr.arpa udp
US 8.8.8.8:53 155.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 10.233.173.18.in-addr.arpa udp
BE 74.125.71.155:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 172.217.16.227:443 www.google.co.uk tcp
GB 172.217.16.227:443 www.google.co.uk tcp
GB 172.217.16.227:443 www.google.co.uk tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 241.111.128.108.in-addr.arpa udp
US 8.8.8.8:53 59.78.16.52.in-addr.arpa udp
US 8.8.8.8:53 110.52.16.104.in-addr.arpa udp
US 8.8.8.8:53 104.155.91.199.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 104.16.52.110:80 otnolatrnup.com tcp
US 104.16.52.110:80 otnolatrnup.com tcp
US 8.8.8.8:53 woreppercomming.com udp
DE 18.173.233.49:443 woreppercomming.com tcp
US 8.8.8.8:53 49.233.173.18.in-addr.arpa udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 www.chancial.com udp
US 104.21.79.34:443 www.chancial.com tcp
US 8.8.8.8:53 bshr.ezodn.com udp
US 104.21.87.79:443 bshr.ezodn.com tcp
US 8.8.8.8:53 www.opera.com udp
DE 18.195.135.126:443 www.opera.com tcp
US 104.21.87.79:443 bshr.ezodn.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 34.79.21.104.in-addr.arpa udp
US 8.8.8.8:53 126.135.195.18.in-addr.arpa udp
US 8.8.8.8:53 cdn-production-opera-website.operacdn.com udp
US 8.8.8.8:53 www.googleoptimize.com udp
GB 2.22.132.239:443 cdn-production-opera-website.operacdn.com tcp
GB 2.22.132.239:443 cdn-production-opera-website.operacdn.com tcp
GB 2.22.132.239:443 cdn-production-opera-website.operacdn.com tcp
GB 2.22.132.239:443 cdn-production-opera-website.operacdn.com tcp
GB 2.22.132.239:443 cdn-production-opera-website.operacdn.com tcp
GB 2.22.132.239:443 cdn-production-opera-website.operacdn.com tcp
GB 172.217.169.46:443 www.googleoptimize.com tcp
GB 2.22.132.239:443 cdn-production-opera-website.operacdn.com tcp
US 8.8.8.8:53 www-static.operacdn.com udp
US 8.8.8.8:53 239.132.22.2.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
DE 18.195.135.126:443 www.opera.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 match.adsrvr.org udp
FR 35.181.89.222:443 g.ezoic.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.119:443 id5-sync.com tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
NL 79.127.227.46:443 id.a-mx.com tcp
US 35.71.131.137:443 match.adsrvr.org tcp
US 104.22.5.69:443 id.hadron.ad.gt tcp
US 34.120.133.55:443 api.rlcdn.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 apps.identrust.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
GB 95.101.129.43:80 apps.identrust.com tcp
US 8.8.8.8:53 8ffbf8539e55c325666ab094d2aff09a.safeframe.googlesyndication.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
GB 142.250.180.1:443 8ffbf8539e55c325666ab094d2aff09a.safeframe.googlesyndication.com tcp
DE 18.154.64.187:443 cdn.prod.uidapi.com tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 ghb.adtelligent.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
DE 18.194.32.110:443 btlr.sharethrough.com tcp
DE 18.194.32.110:443 btlr.sharethrough.com tcp
DE 18.194.32.110:443 btlr.sharethrough.com tcp
DE 18.194.32.110:443 btlr.sharethrough.com tcp
DE 18.194.32.110:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 107.151.11.18:443 ghb.adtelligent.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
DE 108.157.4.85:443 hb.yellowblue.io tcp
DE 51.89.9.254:443 onetag-sys.com tcp
US 172.67.14.119:443 prebid.smilewanted.com tcp
US 172.67.14.119:443 prebid.smilewanted.com tcp
US 172.67.14.119:443 prebid.smilewanted.com tcp
US 172.67.14.119:443 prebid.smilewanted.com tcp
US 172.67.14.119:443 prebid.smilewanted.com tcp
US 8.8.8.8:53 oajs.openx.net udp
NL 145.40.97.67:443 prebid.a-mo.net tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
US 34.120.107.143:443 oajs.openx.net tcp
US 8.8.8.8:53 cdn.ampproject.org udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 119.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 137.131.71.35.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 43.129.101.95.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 229.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 187.64.154.18.in-addr.arpa udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 176.168.78.3.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 110.32.194.18.in-addr.arpa udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 254.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 67.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 18.11.151.107.in-addr.arpa udp
US 8.8.8.8:53 85.4.157.108.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 119.14.67.172.in-addr.arpa udp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
US 8.8.8.8:53 ghb1.adtelligent.com udp
US 172.64.151.101:443 htlb.casalemedia.com udp
DE 51.89.9.254:443 onetag-sys.com udp
GB 185.239.172.170:443 ghb1.adtelligent.com tcp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
US 34.120.107.143:443 oajs.openx.net udp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 s0.2mdn.net udp
GB 142.250.187.230:443 s0.2mdn.net tcp
GB 142.250.187.230:443 s0.2mdn.net tcp
US 8.8.8.8:53 143.107.120.34.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 170.172.239.185.in-addr.arpa udp
US 8.8.8.8:53 230.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 167.57.26.184.in-addr.arpa udp
CH 185.196.9.6:43164 tcp
US 8.8.8.8:53 26.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 6.9.196.185.in-addr.arpa udp
CH 185.196.9.6:43164 tcp
CH 185.196.9.26:6302 tcp
US 8.8.8.8:53 26.9.196.185.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.200.14:443 clients2.google.com udp

Files

memory/4692-16-0x000001B8BAC20000-0x000001B8BAC30000-memory.dmp

memory/4692-0-0x000001B8BAB20000-0x000001B8BAB30000-memory.dmp

memory/4692-35-0x000001B8B80D0000-0x000001B8B80D2000-memory.dmp

\??\pipe\crashpad_3292_IBIYEZUVMQJYAMDL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/4692-50-0x000001B8B9C60000-0x000001B8B9C62000-memory.dmp

memory/4692-53-0x000001B8B81B0000-0x000001B8B81B1000-memory.dmp

memory/4692-57-0x000001B8B80C0000-0x000001B8B80C1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f409b5adf51ce566304a13b3369aef77
SHA1 f524b5e36aa169b205b1d02ad34b1f7747e55b0d
SHA256 170abb7bdbd7311bfe4e392e1a7636871833620d563647a9459168554e4a5088
SHA512 7355e94a401a351373a4c6a145d8433893627b0fda59e04eebeb75d79611345b26aab102a461c9a4c3c6c25bf2e232982c5c1ded8b609f3e13fa454a2f678062

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b6a6ebde9b97bd9622be4311ea0b0f8e
SHA1 231c33226c4e25d7af999b6afb2d5767e545c0f7
SHA256 272403e2e1741629f73f5c60ce7a4f6ba23b7d804a05ab499f8795566a1b4eeb
SHA512 6244594f9755dac6d637a67db62426123de18123cd7becfc25948ec30f9ba073a67a39493c34db9912288a7597526b906d670ca5b99df61a83bde3498f1c0d7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a48bad75dcf4c4fddca361728c0c4903
SHA1 2d1b74f4bef9128fbf82d57893e9203ce8101819
SHA256 b01eaa734519ceab594f1919fecb654f42dcfdbe9e5f447197f75cfe80f3d6d5
SHA512 1d52187903f760acc29f17f44217c2aa67fce3dbdc1975da38e2bad2386de116450f701ee567e8e726f751e25f559f9ad4cb7586b94f38c1ed4cae244c046264

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 30ea8197fcc38b64ab1ef04b4f8e9ffa
SHA1 87729323e4b8046ae6f320219c9009befd62b866
SHA256 e12782c2ec3dd8b336b017fa8e12a4cec9aea81106dce751a8cf4722b9466cfa
SHA512 b7bbcde34bab8988505589ed0adf48e957d2d2cefb22c59b5fa0689141cbd4391a89c18b4b6043b665550ef9ba1516a0909b045ee2c5786ac83c4eba14a0e7bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5bd0f265cc14af43e7480b38717a434d
SHA1 61e2cbd13d1a27d98dfb66eaf29f8062228e35b5
SHA256 c86286e1dea9bf32b887ad851adddd707d121e035c8f4e5a7b6bff6bbe6bba44
SHA512 33e199548b906ec22430475d9e674f053ed83bdaf964e82097882bc82cf878408abf88d6e5c34eb6d51669d18536c4c16bdd4d8273c3a9f6e5bc4a254911e349

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9b27a62df6638d1826a4ec9ade160ff0
SHA1 daa230c7d3f8595a9bc3ac6e8ad24529369ece0c
SHA256 6e6e22916b88f74b9309562a97b87ded5883972fbf4e2525bd3d1cd219b5e414
SHA512 6c9bf0f9e25e1986d8b0be2d8571f4e0f9a0c3488f0a709970d0b1aa49cde0b53f4360448af1ba6192a2b76f61ffbbf5990e2434120e4dad872832934f7a1987

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\330b9486-6807-4099-a738-768535fceeb7.tmp

MD5 4345442b4ed6c412597835ec7ea5e7d5
SHA1 8b297ebd4cbf36468c61b7800e4d34d27e4786ce
SHA256 24bbdd79fdc4c546d1e20b034ab9ea8826c278f2e8b718ff266b0a1a41387205
SHA512 4daf6702fade085638974ec38ad48ea63ff54e4cb68838c577f351ee8203429b52d0eec333cbdb185884b4190b05d5ba4565e62fec83bb641a5d50a244576bea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 adf81777aa8b82e69c7c628ab36c065b
SHA1 3413f00aecbdba5202e307b94a4d39d073427708
SHA256 3f18c4434ac20027e18e311f3111233e9a29408118c2a27af593d910b6123c94
SHA512 8e70ff5382ff09b93a8ac0f603c5f392ceab3544f22773adc79a5429c062fc725fdad2345c7e4a80dc893ef71d5f3d00f5db3771cbb4952b49337176d1f455dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8bd88bd624dea2d6108b47bccb123246
SHA1 72e5069ca0bdbc207912d3ed62df83999550e44a
SHA256 fc7051cd043ad08389f51bc9b41e2e5c2b4dac54eb569b53694e39d0610fe8c7
SHA512 f5bf6229d093f9a53637888dbdc963aab6a60454fba2f085588ae903ab24f8a64d9652d97edb4ba296e537d92123561ae288beeee546ebf33c217d10621e0087

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 db7701e338d33851e431f620fb2628e9
SHA1 a621b190bb713bf0ba96e01ec7831dea5bf4a077
SHA256 90a458fe497044ea98ba980a60c427f1d27e350e57dec7eaca89952cf0ae2914
SHA512 8491a9e04d4a92c656029a070e32c8845357910b11551d61a049312e3e5c180d15d99ed80139a2b94e4249aefa9490d95c517370e4d38a1440e89b3ea2868a14

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c994.TMP

MD5 e3cb0a3774bb184de297d1b4e30e097b
SHA1 c9fc23c2e47ec89c7471ac63eef223475b087f9b
SHA256 7517af59ebc17f23a1c368553780c8448372d2e6a66eaa1e716d155cd9af520b
SHA512 1cf16c9e7ba9a7b84bd9fdc0b1c79c97d106eb316996300d0ca3b501e28fbc1ac5900e50c9d8c7eeab7c862c0831009593ef56fd575bc51d0912b8112698ad37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7154c3e126b2b2429f860869ceb712fc
SHA1 a71a6fa5162060cd6767b563b3e937140c00a058
SHA256 4a8bb16d5f68f1b4f71eeb6550306a3eadd48b02adbc8340f53d81bc0ea2bd1e
SHA512 e0fb0e8fc9faaab30e1efea330b0c11ffd224476707ea408c650f3e07b2bea17a4f67eecc0067671e193bc81bf0475b44ba4a1f681ea687be947e150a6f24bd0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ce5a99b7101febb29a9b50b8fa19e4ac
SHA1 28ab2a2cb013b4c2ca8011c220d8146c4295d6b0
SHA256 9a3ef5746f35752779ae8db3d5eca629744bbf433a210d708f7087deeef1d918
SHA512 df2c8ed7260e4b2778037f8387826ccb74fa8aa288dd140739f9b3bebe2f94d7625f6ba166a469d328925b2134083476857a6827d54db4cd33f42820817b9fb4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3c36753c675fd0ab88ecfb9cca335520
SHA1 3ed7f26940f39c846afd3a353cb84233960a30d1
SHA256 cad3c8721307505bd8ce3b8093338e66c6bc662c08154f85cb0d9ed7e7e418a1
SHA512 26c4875b3a1a840759f636698204a744e37cff50bb6fa2ceb8ffd8b93a80ece6afcd8744691058159defb5f88e148b0942b47142b718285e76560cc8e071b5b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 c64929d71f8769929406b672778db163
SHA1 9dcbf05f8029ec6263ec43b6958a54626adb62d1
SHA256 b8d3e55babd999d4d2ada4cdae8d09b2b34321266395960c07ec811d08b91a0a
SHA512 9ce6eaea812713c9dc9de55875f5899b21b34e2fd09666590f0a4b3a4c6b3dcce382c5c1e73e01f4066c4b99024cda816ddb324701deabf2756c76e6f5977332

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a90c73b206dbceed288b620db5c368fc
SHA1 84d1b49431cee59b4922618fc575f207b997af30
SHA256 3da3780f8b5651042a7ac8e27c75f45436a03fb8f3a77355f46dd7dd9176aeab
SHA512 8830d235624bfd975466f0999ae5dfe4f310f5eced0d3eef892268ebb5c8faa5840f5ecd53989288204895cebed0706a3954fe81eb96cf6674f5656b1c78f4c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 abf4c530a3a047b138c04b2bf40811de
SHA1 1019e465fcc1d0e7250d02fd270114c9d01cf315
SHA256 943bc6c6b7c26907d5b60c93d9b87faccbc1f1854cf0a207e818c011bd412a24
SHA512 a93bcdc18a5e544ef0bec22784c9b695b2fa4d5094dd34f34f9daf1d85b453513ddf25f646e94a6ca724a9a618329e10a62286cf260f3fedbff98b01d18265dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 b975a143211c939025c9fb232791682f
SHA1 ff8ba34f1cf493ddc7f3555f05df67266baa1bae
SHA256 02f5ad1c90dc424aa61da1dca9911f34f587ec947883382944590af93da6a178
SHA512 f781649b5f56cbc7024c64ee89cb76a05ca12c1ccc9818a29b82fc2b6898fd20900f0472900b493c36ba7f5dfe263392ad31d625655efa71146b3ab61d75089c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0548a63cd7c58a32e97be292d7802079
SHA1 03de6178304821188306cfcff767a6d5055cc60e
SHA256 0e0833d52afa8cef769a220fff0919a12a2383246f086ed2e9f4bea0e27b01d9
SHA512 3fcd8b6dd634cdeda839aab3ebc9ef266b7463ff2fe989dbb32880831a1bf920ab4c07887af6a15184cdceb3e20851e008a95b2391dad69cbf4a7f4c1feb2e1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a33fa1ed260249eb0721f12c3bbf4bcf
SHA1 52daaaef80a4747d5f619b87e9bcec53b166a342
SHA256 24d5e3c0b9a50fae173b3ed44ec92e4f9104adb91145f838c9b025b9b1ce6c3c
SHA512 5eb4fba00dddcf6599fe5467f0432847f8d6737e175635ab2f1323afcac010ec8cb219b7a1cc64b8755babba2b5b1ab0e2140e7e5a27ee5bbebf995b50208db2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e4e795ef3ec7a6897f83b8ef1f8274b1
SHA1 56e60743433fe8d4129e5977b5933a5e23a8446c
SHA256 a3b3bfcd0bbf90ad9fb329f389c2c02db229a00be7a8fa3c52b3f7717bb44468
SHA512 a1a00b1b4e0ae3e48131ee0274ae5c103999981721d8d476d66c0993e054bbd5f7d979cdd7988395f91363d786da786c167c598be882634a736e028959d94882

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 394bed75b62fde45100a5a16505d826b
SHA1 aa049644a98f80b0d442898c8f5faec08d07af4b
SHA256 ff7b8eb93db78f1527938208ac562ed9a08418a0dfbc16e791d30c8a8ddd2967
SHA512 c53ef8b00c915edbf6425958da63a896b00af7d951cfaa6fd042ac33414ba11900985b4e253082f8f74e8dfad2fa96f1279d0e712e6252dc61a52e2bd6d1161a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a14536881d1589b88030abf50275ab2c
SHA1 d991e321c895484da5ec360f38f60295fefda0f1
SHA256 e190a53053671e9a05d80a868714cc74a3f17ba7f0ea2cfa4c708a2d6c115c7f
SHA512 c62f78eed030ad0cbf0e3ea046f78452e0fbb134c762e01c52c4e8e3e551c4d929b540c114d780d2c5206889b9a44d211d7a35390b53600e01ddc5d8c655d55c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0c41e1485224d350428e88f49a51fdf4
SHA1 81c73eee9b0bc4064ee904ace7c3961615d2942f
SHA256 121e9a8d09d4894f5ddd67d5652f6f0ec18988592fb23fd819c153aac400fcef
SHA512 00559e0ce8bd902171e599a52020fb1e2dc5884bca0cd1847699b20a5e2da13e2681e62761ab9317b5bc349371ec96413d35ccfc4f7d131914cbe6c092c1e5c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 a15e58f9f2a8cf46f18a42abcfa7455b
SHA1 79e2788a326ec6b5bfe08fcb6dedb90f209a1407
SHA256 a4e95024689eb9bc42c055a09e9c8f95f8973e9983841c0a8f768891d4e51f84
SHA512 108bd845fd6b48670723f8ad72b057e9a387ad9c80472ddffafe7b1daa5fb0305768c7da3ca20ac7116eedfc7547fa74135396c85491d079a045483e7b42e2bb

C:\Users\Admin\Downloads\Gotham.zip

MD5 b194d508d1ed553f7dbe01c16504e591
SHA1 7b8f9865e84ce2fae5f94b905f6f5ac70a9cb8cf
SHA256 776bd2ff315fc076de7a39a08b3e214887ad7aacdfaeff717bf7a70b46698b81
SHA512 59fb5b839b8ef210e2f7b76b01a271d022d86a316b1774bb4257d1c97d2eac7fb2479d3db715830b3f125f1322f10281eddb1b33c61b6d52f0e13a16c3b40099

C:\Users\Admin\Downloads\Gotham\6atManV1.exe

MD5 ecfe3ce61735a65165a9d4cbfa1e3836
SHA1 7e39cb0f45e0f5e59f70f63375c2f67ebf64ba98
SHA256 8d939f5956930a6b0d4700a4cb1f47c8255588964dd09ad9c640c50634d187c5
SHA512 d878c55fd9108b62f24841cd587a70fa5efe9e640d88d227025132c5e75fb86dd73de490d924015c5c52f6fbc7d174a506df97668e314ed9f9a7c06b067a7131

memory/4664-1056-0x00000000008F0000-0x000000000099E000-memory.dmp

memory/4664-1057-0x0000000002C90000-0x0000000002C96000-memory.dmp

\Users\Admin\AppData\Roaming\d3d9.dll

MD5 02e781dec432bc79ed9ea859f88fc55f
SHA1 29092d756b3900b3084b74692aedc89c28661a66
SHA256 5b127cbc52c1f449ab4a861a653e199f77af5aaa337bf4c660d7cceaffdf0894
SHA512 863dcb40e16bd90c2288a661e760c25569ed8f79bef472a45ec98a3a1a1398195c20a62d7dba1830e8e2ffb09eed717676eb731ecea09f8fad43bd97970ea82f

memory/1584-1064-0x0000000000400000-0x0000000000474000-memory.dmp

memory/1584-1066-0x0000000005B10000-0x000000000600E000-memory.dmp

memory/1584-1067-0x0000000005510000-0x00000000055A2000-memory.dmp

memory/1584-1068-0x00000000055D0000-0x00000000055DA000-memory.dmp

C:\Users\Admin\Downloads\Gotham\6atManV2.exe

MD5 a4c55c4d409ebe8ae7cf21d5ac49bc6f
SHA1 1ea88c261838f65c52b600ce5a1dd745f3646d3f
SHA256 df670585dba3923567610e24a5cf9b2d047f568adb24d3217e5993d69b949ec1
SHA512 0865ad047b4e974d43f714b965736d817ad350d58366aade0f66a24612db0ee167389dd6bcec8b3fe742208dbad0274a1c3c8914d573120d68773217cf2abf8d

memory/4732-1071-0x00000000000F0000-0x0000000000188000-memory.dmp

memory/4732-1072-0x0000000000AA0000-0x0000000000AA6000-memory.dmp

memory/1584-1074-0x0000000008700000-0x0000000008D06000-memory.dmp

memory/1584-1075-0x0000000008240000-0x000000000834A000-memory.dmp

memory/1584-1076-0x0000000008160000-0x0000000008172000-memory.dmp

memory/1584-1077-0x00000000081C0000-0x00000000081FE000-memory.dmp

memory/1584-1078-0x0000000008350000-0x000000000839B000-memory.dmp

memory/1584-1079-0x0000000008650000-0x00000000086B6000-memory.dmp

memory/1584-1080-0x00000000091A0000-0x0000000009216000-memory.dmp

memory/1584-1081-0x0000000009220000-0x000000000923E000-memory.dmp

memory/1584-1083-0x0000000009DA0000-0x0000000009F62000-memory.dmp

memory/1584-1084-0x000000000A4A0000-0x000000000A9CC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

MD5 04a323b4cd8c8ef50c5f3f30cea415b5
SHA1 e469bda23a4098002a1e3a11c38d87bacb883465
SHA256 1680f09fe8e64d1409a954c334783aeb0fa3b419b8f9303d48abe0a05e28458a
SHA512 5ffc5890eaab05d1d42a7a1fd10d8b8ef308e6996e6c80a8be4091da53a297f34fc7e574d48fe4794ab7a08bb898f22f12892ae7fce1ceca3ceb1b3f2393cc6a

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\6atManV1.exe.log

MD5 84cfdb4b995b1dbf543b26b86c863adc
SHA1 d2f47764908bf30036cf8248b9ff5541e2711fa2
SHA256 d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b
SHA512 485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

\Users\Admin\AppData\Roaming\d3d9.dll

MD5 b5db471287b28710acea74838ad7eb5e
SHA1 9daf5a065aa0bf9679807157486f8ffd689b28bc
SHA256 52e35ab2960c262e2cd70e6d94a02bda86223d08699d268ad872067e9eea0c67
SHA512 6b0f2cee9a15c2c2e9d02f638173c45b18a1bb74bc0ca5660d3874c0ed305810af51527ba1b41d06b4823904d2bb897c104606041cff9dfc6afb9f4af8b3aca8

memory/4044-1103-0x0000000000520000-0x0000000000570000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log

MD5 7f38048a5b4bb647a43e93df970417c3
SHA1 f7022125ba74f50d0d4515ca0b47ccc88c2f47e1
SHA256 81d8c4d06be3654f64a49a2effb3606bb48a37556f4db38a524033d9949915bc
SHA512 06adc7711a98548c94954546a4a547b2547d63d1f26351a58e17d38b73c02e54823daf99d9aae8311225c02bf9e2f40bbb903ff6707c3ddaa64b1caafbbe342f

memory/4044-1106-0x0000000006540000-0x0000000006590000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

MD5 3df4e2a913df8e1a21f20bc7e2a1b0e2
SHA1 c6e5a8930122f463bdd54b9ecdf2e5168359bc9a
SHA256 59591893110458595be6a9d8802fafb5ce09c502f140c378538fe7386673b190
SHA512 3c1b01bd1c2a9ce8891c98211b67bdadd5028639ab6fe9c6bb6adb75870bf0914227113149a845864224e5c9bc17e7ac3bf7b4993926860977928612abc37b19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

MD5 18895874cd1cdfb91dd6d776c1ab33da
SHA1 10703e36fe51fafc4c617a74d8463dbf5af86b91
SHA256 1ab235ef75059a429f226db64ebc46af96496415635b792dae47036a850dac04
SHA512 81a9235af64807215ce68d2db7c0a21f6f3a9ede5142c2780bf3cb7c52131f73e5435f0a95ce23c24a979a16be2b6c461a6b1fb897cdacaadd3eab8739de766f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

MD5 d71395806a2ce6466686ccec852139e8
SHA1 ecad84a2d56c902d63cf57b9a75b8d941738c78e
SHA256 15750386611fe8f0448b6e00858597e92fce726554099151727db99dd7ed677b
SHA512 770030658685dab3d5e09b99546ee22787ba5b9dfe68e32a127b45769961f0c5f144dbaf027c04fd7f6fe0b2b871f88ef9d7e0607968184f815585c67ca794c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13364834971005262

MD5 8f80d912d0fb70ff702d79eac11613fb
SHA1 6bb488f8fbab3c3652c48d1198e4a50ad69bbaaf
SHA256 5f8d4ce8a1bf7a798c17f6fcd46c94b146c04aaa432480c68208814fefd21bc6
SHA512 d464e952a0dd159ed7157348e2c1b04cb6608e1725bfd358791c6a360506500f1e43665e9f272eb2b5705fd4f5768173c8d4aa32fc6c51a4f9de4c8882c7d3e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

MD5 9079226d2b1b999d16a7e7ea4b7136e9
SHA1 5d85b3c13516105cafc722d320c6ecd30a414a61
SHA256 b7064b22366097213c47a7b7f758378d927025442eff43b7dcfcbb0988a5f30b
SHA512 e6ae8772a7b8ce3cafba9e36bab93283589c49aa2ef6d7363de58f7d263c72d96f1f14440eff9be0ffb4829829a04deb8b4e491b9136efa05eff65202b17aa7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 eb1222e4c7a5825f438dc6bc7d3cf598
SHA1 8de0bae107450a3d72eeaec1ee5b11ab0d0cda5d
SHA256 aef7c2bcc6ade175c0454a4dbd0c73dbe32a0c3688807aba89156f8a6316d383
SHA512 ab23fa7649b33ae5c8c59362a4f813d6806057b86a098aa2326bdd7b72954c6039047ed344bf4232350fda6b31ebc5160cb2507c8b99286eb735ebb164b16409

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 12f30db6ad721162063d1f0d923dff79
SHA1 9cfe9db2aa990a6e03b43d05adb522db2732ba10
SHA256 41ce85887c17784d5a17c187aea408dfc60289e8fc7a8261a4ecb44decedb6ef
SHA512 2db7ff81608e520ad10423f563d1e74a5d7bc5509cf3c1ae841b92bcc4cb5a7a48953a366f8b2e71021eb9dbe48e7b4660b695228b66f0990238f82ab43b1772

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 e4fd7d882019d4d17469b6dec52c1e16
SHA1 634d4af6b0812f79f085fd6599336c598bcbcad0
SHA256 574062cd506542944ddabd8362a55ae33286551d8489addbfda34d62d84b6222
SHA512 2b50e1c9dd287e2e21c8cf74f5eab4a4a784f2211c0eba95f69d51227e201d8097191faa6836eb79e1926b396ac0a6db52edef052af5c9d3c09cca0b84a7475a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 d8f4a4dc797a23c5c19ceafd1af19c85
SHA1 35141cd76addefa372573c726b6b3db402e42b41
SHA256 d05e40565911fc8218798ea2a8cc7fec054801eaf10e6e4572e1e926b84f8419
SHA512 407b2cc3f97cd8e076f4c20b6b14ca3059f65bb2e09277b2ed63292f02e9c0c22930ea17bb04ff558baa69c19a713fb1c044b02188e57693d711bca13ad9c02b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 aa70919ae225ac755096061d84bd4585
SHA1 139fb1ea6878d3b449c01704554497fc8739dc88
SHA256 e8fbb46c1e0e487eec6c2db551aab3f1aedb982e508255bcb23d5ab30207e883
SHA512 553a3d77873c2b81f3aef4a80b4a8daee3dadf0506805c92983ba02c19757e0e50808da987bd61b6eb8c07a77811e67eb3ba794c2ba5c3b59310095447408d09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 225da863db240e47c8fb21bb3e20360c
SHA1 45eca2392a1779aedf4425f13f677ffbd252627a
SHA256 f6a94032e86175292035fcc87b7ab2931fc4b7b6115b0a2caff197330d567999
SHA512 6c69a15fc90ed71834097a81c47c961b74c1b02e16e8ddf686f5b6ecc8fec6ced954823cdfc0141a7fa3f13c8c192a1bfc97544fbf80439da34e056d7d87d1c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b4ca888f75a6a9f37a6bd1127591823e
SHA1 b992e9f4ccfec70193f71d081efcd5f213f3d552
SHA256 7c80c9d2aa963e8436f0281b921a9506d0b2626fbc056da9c5089735804b030f
SHA512 0128e7ce16154f886c4894baac338432a52cf8044089004f0e649ccd2ea1007803f20ab86928b93fff49b705beb71349df00b311aebba11d17e16f484795ccf6
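The entries above are Chrome profile files (History, Local State, Preferences, Sync Data, session tabs, TransportSecurity) that the sample opened in the sandbox, not files it dropped, so their digests identify the sandbox's own browser profile rather than the malware; the paths are the useful part. The parser below is an added example, not part of this report or of any sandbox tooling: it reads the report's file-listing layout (path line, blank line, one line per digest), validates digest lengths, and separates browser profile artifacts from everything else. The two-entry excerpt is constructed from the listing above, and the CHROME_ROLES notes describe the general Chrome profile layout, which the report itself does not state.

```python
"""Parse a sandbox report's 'Files' listing (path line, blank line, one line per
digest) into records, validate the digests, and separate browser profile
artifacts the sample READ from anything else. Added example, not report code."""
import re
from dataclasses import dataclass, field

# Constructed excerpt in the report's own layout (two of the entries above).
SAMPLE_LISTING = r"""
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 aa70919ae225ac755096061d84bd4585
SHA1 139fb1ea6878d3b449c01704554497fc8739dc88
SHA256 e8fbb46c1e0e487eec6c2db551aab3f1aedb982e508255bcb23d5ab30207e883
SHA512 553a3d77873c2b81f3aef4a80b4a8daee3dadf0506805c92983ba02c19757e0e50808da987bd61b6eb8c07a77811e67eb3ba794c2ba5c3b59310095447408d09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 e4fd7d882019d4d17469b6dec52c1e16
SHA1 634d4af6b0812f79f085fd6599336c598bcbcad0
SHA256 574062cd506542944ddabd8362a55ae33286551d8489addbfda34d62d84b6222
SHA512 2b50e1c9dd287e2e21c8cf74f5eab4a4a784f2211c0eba95f69d51227e201d8097191faa6836eb79e1926b396ac0a6db52edef052af5c9d3c09cca0b84a7475a
"""

HEX_LENGTH = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]+)$")

# What a stealer gets from each Chrome profile file (general Chrome layout,
# assumed knowledge, not something the report states).
CHROME_ROLES = {
    "local state": "os_crypt.encrypted_key (DPAPI-wrapped AES key for Login Data / Cookies)",
    "login data": "saved credentials (SQLite)",
    "cookies": "session cookies (SQLite)",
    "history": "browsing history (SQLite)",
    "preferences": "profile settings (JSON)",
}


@dataclass
class FileRecord:
    path: str
    hashes: dict = field(default_factory=dict)


def parse_file_listing(text):
    """Turn the listing into FileRecord objects; reject digests of the wrong length."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m is None:
            # Any non-blank line that is not a digest starts a new entry.
            current = FileRecord(path=line)
            records.append(current)
            continue
        if current is None:
            raise ValueError(f"digest line before any path: {line}")
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HEX_LENGTH[algo]:
            raise ValueError(
                f"{current.path}: {algo} has {len(digest)} hex chars, expected {HEX_LENGTH[algo]}")
        current.hashes[algo] = digest
    return records


def classify(record):
    """Return (category, note). Chrome profile files are victim data the sample read,
    so their digests fingerprint the sandbox profile, not the malware."""
    p = record.path.replace("/", "\\")
    if "\\google\\chrome\\user data\\" in p.lower():
        name = p.rsplit("\\", 1)[-1].lower()
        return "browser-profile-artifact", CHROME_ROLES.get(name, "other profile data")
    return "other", "confirm this is a dropped file before using its hash as an IOC"


def triage(text):
    """One (path, category, note, sha256) row per entry in the listing."""
    return [(r.path, *classify(r), r.hashes.get("SHA256")) for r in parse_file_listing(text)]


if __name__ == "__main__":
    for path, category, note, sha256 in triage(SAMPLE_LISTING):
        print(f"{category:26} {path}\n    {note}\n    sha256={sha256}")
```

Run against the full listing, the browser-profile paths are what to carry forward: they are the files whose read access is worth auditing on endpoints, while their hashes should not be pushed to a blocklist.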